A Linear Spine Calculus


Iliano Cervesato and Frank Pfenning
April 10, 1997
CMU-CS-97-125


School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213


Abstract 

We present the spine calculus $S^{\to\multimap\&\top}$ as an efficient representation for the linear $\lambda$-calculus $\lambda^{\to\multimap\&\top}$
which includes intuitionistic functions ($\to$), linear functions ($\multimap$), additive pairing ($\&$), and additive unit
($\top$). $S^{\to\multimap\&\top}$ enhances the representation of Church's simply typed $\lambda$-calculus as abstract Böhm trees
by enforcing extensionality and by incorporating linear constructs. This approach permits procedures
such as unification to retain the efficient head access that characterizes first-order term languages without
the overhead of performing $\eta$-conversions at run time. Potential applications lie in proof search, logic
programming, and logical frameworks based on linear type theories. We define the spine calculus, give
translations of $\lambda^{\to\multimap\&\top}$ into $S^{\to\multimap\&\top}$ and vice-versa, prove their soundness and completeness with respect
to typing and reductions, and show that the spine calculus is strongly normalizing and admits unique
canonical forms.

1 Introduction


The internal representation of $\lambda$-calculi, logics and type theories has a direct impact on the efficiency
of systems for symbolic computation that implement them, theorem provers and logic programming
languages for example. In particular, major gains can be achieved from even small improvements of
procedures that manipulate terms extensively: unification, for instance, is a well-known bottleneck in
the execution time of a logic program. For languages based on first-order terms, Prolog for example,
the natural representation of terms supports simple and fast unification algorithms. Indeed, a function
symbol $f$ applied to three arguments $a$, $b$ and $c$, written f(a, b, c) in the syntax of Prolog, is encoded as
a record consisting of the head $f$ and the list of its arguments. This is sensible from the point of view
of unification since the head of a term must be analyzed before its arguments. Systems embedding a
higher-order term language, the logic programming languages Elf [Pfe91, Pfe94] and $\lambda$Prolog [NM88] for
example, typically represent terms in a way that mimics the traditional definition of a $\lambda$-calculus. Ignoring
common orthogonal optimizations such as the use of DeBruijn indices [dB72] or explicit substitutions
[ACCL91], the above term is parsed and encoded as $(((f\,a)\,b)\,c)$. During unification, three applications
(here represented as juxtaposition) must be traversed before accessing its head, possibly just to discover
that it differs from the head of the term being unified. This representation is similarly inefficient when
normalizing a term: in order to reduce $((\lambda x.\,\lambda y.\,\lambda z.\,f\,x\,y\,z)\,a\,b\,c)$ to the above term, we need again to go
through three applications before exposing the first redex.

Apparently, adopting an internal representation that treats nested applications as in the first-order
case (i.e., as a head together with a list of arguments) but permits $\lambda$-abstraction would improve
significantly the efficiency of higher-order unification algorithms. This approach, known as the Böhm tree
representation, has been studied extensively for different purposes [Bar80, Her95]. However, the complex
equational theory that characterizes a $\lambda$-calculus leads to difficulties in procedures such as unification
and normalization. In particular, $\eta$-conversion rules can yield instances of the same function symbol
applied to a different number of arguments. This might even lead to fragmented lists of arguments as the
result of $\beta$-reduction (e.g. while performing unification) that need to be monitored and compacted
regularly. Ultimately, abstract Böhm trees turn out to be even more complex to deal with than traditional
$\lambda$-expressions. Instead, no such difficulty emerges with the trivial equational theory of first-order terms.

In this paper, we propose a variant of abstract Böhm trees that supports efficient head accesses,
but that does not suffer from the drawbacks we just mentioned. This representation of $\lambda$-terms, that
we call generically a spine calculus, is based on the observation that, in a typed $\lambda$-calculus, the use
of the troublesome $\eta$-conversion rules can be limited to a preprocessing phase that expands terms to
unique $\eta$-long forms, which are preserved by $\beta$-reduction. Insisting on $\eta$-long terms has the advantage of
simplifying the code for procedures such as unification and normalization, of permitting easier informal
descriptions of these algorithms, and more generally of reducing the complexity of studying the
meta-theory of such formalisms. Moreover, $\lambda$-calculi featuring a unit type and a unit element do not admit
subject reduction unless all terms are $\eta$-expanded [JG95]: this means that typing information must be
stored and maintained in otherwise type-free procedures such as unification.

The benefits of the spine calculus representation, in conjunction with explicit substitutions, are
currently assessed in a new implementation of the logical framework LF [HHP93] as the higher-order logic
programming language Twelf, the successor of Elf [Pfe91, Pfe94]. LF is based on the type theory $\lambda^{\Pi}$, a
refinement of Church's simply-typed $\lambda$-calculus $\lambda^{\to}$ with dependent types. In this paper, we will instead
focus on the simply-typed linear $\lambda$-calculus $\lambda^{\to\multimap\&\top}$, which extends $\lambda^{\to}$ with the type constructors $\multimap$,
$\&$ and $\top$, derived from the identically denoted connectives of linear logic [Gir87]. We will define the
corresponding spine calculus $S^{\to\multimap\&\top}$, present translations between the two, and prove the meta-theoretical
properties of $S^{\to\multimap\&\top}$ that make it adequate as an internal representation language for $\lambda^{\to\multimap\&\top}$. Notice
that our analysis applies to any sublanguage of $\lambda^{\to\multimap\&\top}$, in particular to $\lambda^{\to}$ and its extension with
extensional products and a unit type, $\lambda^{\to\&\top}$; moreover, it can easily be extended to the treatment of
dependent types.

A similar proposal for term representation was already mentioned in passing by Howard in his seminal
paper [How69]. The normal forms of the spine calculus also arise as a term assignment language for
uniform proofs, which form the basis for abstract logic programming languages and is based on a much
richer set of connectives [MNPS91]. A thorough investigation of a related calculus on the $\lambda^{\to}$ fragment
has been conducted by Herbelin [Her95]. Schwichtenberg [Sch97] studies a version of the intuitionistic
spine representation and ordinary $\lambda$-calculi in a single system which incorporates permutative conversions,
instead of the wholesale translation investigated here (which is closer to an efficient implementation).

$\lambda^{\to\multimap\&\top}$ corresponds, via a natural extension of the Curry-Howard isomorphism, to the ($\to\multimap\&\top$)
fragment of intuitionistic linear logic, which constitutes the propositional core of the logic programming
language Lolli [HM94] and of the linear logical framework LLF [Cer96, CP96]. $\lambda^{\to\multimap\&\top}$ is also the
simply-typed variant of the term language of LLF. Its theoretical relevance derives from the fact that
it is the biggest linear $\lambda$-calculus that admits unique long $\beta\eta$-normal forms. $\lambda^{\to\multimap\&\top}$ shares similarities
with the calculus proposed in [Bar96] and with the term language of the system RLF [IP96].

The implementation of a language based on linear type theories such as LLF and RLF raises
new challenges that emerge neither for intuitionistic languages such as Elf [Pfe94], nor in linear
logic programming languages featuring plain intuitionistic terms such as Lolli [HM94] or Forum [Mil94].
In particular, the implementation of formalisms based on a linear $\lambda$-calculus must perform higher-order
unification on linear terms in order to instantiate existential variables [CP97]. The spine calculus $S^{\to\multimap\&\top}$
was designed as an efficient representation for unification and normalization over the linear $\lambda$-expressions
that can appear in an LLF specification.

The adoption of linear term languages in LLF and RLF has been motivated by a number of
applications. Linear terms provide a statically checkable notation for natural deductions [IP96] or sequent
derivations [CP96] in substructural logics. In the realm of programming languages, linear terms naturally
model computations in imperative languages [CP96] or sequences of moves in games [Cer96]. When we
want to specify, manipulate, or reason about such objects (which is common in logic and the theory
of programming languages), then internal linearity constraints are critical in practice (see, for
example, the first formalizations of cut-elimination in linear logic and type preservation for Mini-ML with
references [CP96]).

The principal contribution of this work is the definition of spine calculi (1) as a new representation
technique for generic $\lambda$-calculi that permits both simple meta-reasoning and efficient implementations,
and (2) as a term assignment system for the logic programming notion of uniform provability.

Our presentation is organized as follows. In Section 2, we define $\lambda^{\to\multimap\&\top}$ and present its main
properties. We introduce the syntax and the typing and reduction semantics of $S^{\to\multimap\&\top}$ in Section 3.
In Section 4, we give translations from the traditional presentation to the spine calculus and vice-versa
and show that they are sound and complete with respect to the typing and reduction semantics of both
languages. In Section 5, we state and prove the major properties of $S^{\to\multimap\&\top}$. Further remarks are made
in Section 6. Finally, Section 7 summarizes the work done, discusses applications and hints at future
development. In order to facilitate our description, we must assume the reader familiar with linear logic
[Gir87].

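2 The Linear Simply-Typed Lambda Calculus

In this section, we introduce the linear simply-typed $\lambda$-calculus $\lambda^{\to\multimap\&\top}$, which augments Church's
simply-typed $\lambda$-calculus $\lambda^{\to}$ [Chu40] with a number of operators from linear logic [Gir87]. More precisely, we
give its syntax in Section 2.1, present its typing semantics in Section 2.2 and its reduction semantics in
Section 2.3. $\lambda^{\to\multimap\&\top}$ is the simply-typed variant of the linear type theory $\lambda^{\Pi\multimap\&\top}$, thoroughly analyzed
in [Cer96]. We refer the interested reader to this work for the proofs of the properties of $\lambda^{\to\multimap\&\top}$ stated
in this section.

Pre-canonical terms

$$\frac{\Gamma; \Delta \vdash_\Sigma M \downarrow a}{\Gamma; \Delta \vdash_\Sigma M \Uparrow a}\;\mathbf{l\lambda\_atm}
\qquad
\frac{}{\Gamma; \Delta \vdash_\Sigma \langle\rangle \Uparrow \top}\;\mathbf{l\lambda\_unit}
\qquad
\frac{\Gamma; \Delta \vdash_\Sigma M \Uparrow A \quad \Gamma; \Delta \vdash_\Sigma N \Uparrow B}{\Gamma; \Delta \vdash_\Sigma \langle M, N\rangle \Uparrow A \,\&\, B}\;\mathbf{l\lambda\_pair}$$

$$\frac{\Gamma; \Delta, x{:}A \vdash_\Sigma M \Uparrow B}{\Gamma; \Delta \vdash_\Sigma \hat{\lambda}x{:}A.\,M \Uparrow A \multimap B}\;\mathbf{l\lambda\_llam}
\qquad
\frac{\Gamma, x{:}A; \Delta \vdash_\Sigma M \Uparrow B}{\Gamma; \Delta \vdash_\Sigma \lambda x{:}A.\,M \Uparrow A \to B}\;\mathbf{l\lambda\_ilam}$$

Pre-atomic terms

$$\frac{}{\Gamma; \cdot \vdash_{\Sigma, c:A} c \downarrow A}\;\mathbf{l\lambda\_con}
\qquad
\frac{}{\Gamma; x{:}A \vdash_\Sigma x \downarrow A}\;\mathbf{l\lambda\_lvar}
\qquad
\frac{}{\Gamma, x{:}A; \cdot \vdash_\Sigma x \downarrow A}\;\mathbf{l\lambda\_ivar}$$

$$\frac{\Gamma; \Delta \vdash_\Sigma M \Uparrow A}{\Gamma; \Delta \vdash_\Sigma M \downarrow A}\;\mathbf{l\lambda\_redex}
\qquad
\text{(No rule for } \top\text{)}$$

$$\frac{\Gamma; \Delta \vdash_\Sigma M \downarrow A \,\&\, B}{\Gamma; \Delta \vdash_\Sigma \mathsf{fst}\,M \downarrow A}\;\mathbf{l\lambda\_fst}
\qquad
\frac{\Gamma; \Delta \vdash_\Sigma M \downarrow A \,\&\, B}{\Gamma; \Delta \vdash_\Sigma \mathsf{snd}\,M \downarrow B}\;\mathbf{l\lambda\_snd}$$

$$\frac{\Gamma; \Delta' \vdash_\Sigma M \downarrow A \multimap B \quad \Gamma; \Delta'' \vdash_\Sigma N \Uparrow A}{\Gamma; \Delta', \Delta'' \vdash_\Sigma M\,\hat{}\,N \downarrow B}\;\mathbf{l\lambda\_lapp}
\qquad
\frac{\Gamma; \Delta \vdash_\Sigma M \downarrow A \to B \quad \Gamma; \cdot \vdash_\Sigma N \Uparrow A}{\Gamma; \Delta \vdash_\Sigma M\,N \downarrow B}\;\mathbf{l\lambda\_iapp}$$

Figure 1: Typing for $\eta$-long $\lambda^{\to\multimap\&\top}$ Terms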


2.1 Syntax

The linear simply-typed $\lambda$-calculus $\lambda^{\to\multimap\&\top}$ extends Church's $\lambda^{\to}$ with the three type constructors $\multimap$
(multiplicative arrow), $\&$ (additive product) and $\top$ (additive unit), derived from the identically denoted
connectives of linear logic. The language of terms is augmented accordingly with constructors and
destructors, devised from the natural deduction style inference rules for these connectives. Although not
strictly necessary at this level of the description, the inclusion of intuitionistic constants is convenient in
developments of this work that go beyond the scope of this paper. We present the resulting grammar in
a tabular format to relate each type constructor (left) to the corresponding term operators (center), with
constructors preceding destructors. Clearly, constants and variables can have any type.

$$\begin{array}{lrl@{\qquad}lrll}
\textit{Types:} & A ::= & a & \textit{Terms:} & M ::= & c \mid x & \\
 & \mid & A_1 \to A_2 & & \mid & \lambda x{:}A.\,M \mid M_1\,M_2 & \text{(intuitionistic functions)} \\
 & \mid & A_1 \multimap A_2 & & \mid & \hat{\lambda}x{:}A.\,M \mid M_1\,\hat{}\,M_2 & \text{(linear functions)} \\
 & \mid & A_1 \,\&\, A_2 & & \mid & \langle M_1, M_2\rangle \mid \mathsf{fst}\,M \mid \mathsf{snd}\,M & \text{(additive pairs)} \\
 & \mid & \top & & \mid & \langle\rangle & \text{(additive unit)}
\end{array}$$

Here $x$, $c$ and $a$ range over variables, constants and base types, respectively. In addition to the names
displayed above, we will often use $N$ and $B$ for terms and types, respectively.

The notions of free and bound variables are adapted from $\lambda^{\to}$. As usual, we identify terms that differ
only in the name of their bound variables and write $[M/x]N$ for the capture-avoiding substitution of $M$
for $x$ in the term $N$.


2.2 Typing Semantics

As usual, we rely on signatures and contexts to assign types to constants and free variables, respectively.

Signatures: $\Sigma ::= \cdot \mid \Sigma, c : A$        Contexts: $\Gamma ::= \cdot \mid \Gamma, x : A$

We will also use the letter $\Delta$, possibly subscripted, to indicate a context. Contexts and signatures
are treated as multisets; we promote to denote their union and omit writing when unnecessary.
Finally, we require variables and constants to be declared at most once in a context and in a signature,
respectively.

Operating solely on well-typed terms in $\eta$-long form is particularly convenient when implementing
operations such as unification since it strongly restricts the structure that a term of a given type can
assume. Instead, untyped $\eta$-conversion rules are often included in the reduction semantics of a $\lambda$-calculus
in order to focus on $\eta$-long representatives when needed. In the presence of a unit element, $\langle\rangle$ in $\lambda^{\to\multimap\&\top}$,
this approach is unsound. We cleanly realize the above desideratum by distinguishing a pre-canonical
typing judgment, which validates precisely the well-typed terms of $\lambda^{\to\multimap\&\top}$ in $\eta$-long form (pre-canonical
terms), from a pre-atomic judgment, which handles intermediate stages of their construction (pre-atomic
terms). These judgments are respectively denoted as follows:

$\Gamma; \Delta \vdash_\Sigma M \Uparrow A$        $M$ is a pre-canonical term of type $A$ in $\Gamma; \Delta$ and $\Sigma$

$\Gamma; \Delta \vdash_\Sigma M \downarrow A$        $M$ is a pre-atomic term of type $A$ in $\Gamma; \Delta$ and $\Sigma$

where $\Gamma$ and $\Delta$ are called the intuitionistic and the linear context, respectively. Whenever a property
holds uniformly for the pre-canonical and pre-atomic judgments above, we will write $\Gamma; \Delta \vdash_\Sigma M \Updownarrow A$
and then refer to the term $M$ and the type $A$ if needed. Moreover, if two or more such expressions
occur in a statement, we assume that the arrows of the actual judgments match, unless explicitly stated
otherwise.

The rules displayed in the upper part of Figure 1 validate pre-canonical terms $M$ by deriving judgments
of the form $\Gamma; \Delta \vdash_\Sigma M \Uparrow A$. Rules $\mathbf{l\lambda\_unit}$, $\mathbf{l\lambda\_pair}$, $\mathbf{l\lambda\_llam}$ and $\mathbf{l\lambda\_ilam}$ allow the construction of terms
of the form $\langle\rangle$, $\langle M_1, M_2\rangle$, $\hat{\lambda}x{:}A.\,M$, and $\lambda x{:}A.\,M$, respectively. The manner they handle their context
is familiar from linear logic. Notice in particular that $\mathbf{l\lambda\_unit}$ is applicable with any linear context
and that the premisses of rule $\mathbf{l\lambda\_pair}$ share the same context, which also appears in its conclusion.

Rules $\mathbf{l\lambda\_llam}$ and $\mathbf{l\lambda\_ilam}$ differ only by the nature of the assumption they add to the context in their
premiss: linear in the case of the former, intuitionistic for the latter. The remaining rule defining the
pre-canonical judgment, $\mathbf{l\lambda\_atm}$, is particularly interesting since it is the reason why all terms derivable
in the pre-canonical system are in $\eta$-long form. Notice that this rule can be applied only at base types.

The rules defining the pre-atomic judgment, $\Gamma; \Delta \vdash_\Sigma M \downarrow A$, are displayed in the lower part of
Figure 1. They validate constants (rule $\mathbf{l\lambda\_con}$) and linear and intuitionistic variables (rules $\mathbf{l\lambda\_lvar}$ and
$\mathbf{l\lambda\_ivar}$, respectively). They also allow the formation of the terms $\mathsf{fst}\,M$, $\mathsf{snd}\,M$, $M\,\hat{}\,N$ and $M\,N$ (rules
$\mathbf{l\lambda\_fst}$, $\mathbf{l\lambda\_snd}$, $\mathbf{l\lambda\_lapp}$ and $\mathbf{l\lambda\_iapp}$, respectively). The role played by linear assumptions in $\lambda^{\to\multimap\&\top}$ is
particularly evident in these rules. Indeed, an axiom rule ($\mathbf{l\lambda\_con}$, $\mathbf{l\lambda\_lvar}$ and $\mathbf{l\lambda\_ivar}$) can be applied
only if the linear part of its context is empty, or contains just the variable to be validated, with the proper
type. Linearity appears also in the elimination rule for $\multimap$, where the linear context in the conclusion
of rule $\mathbf{l\lambda\_lapp}$ is split and distributed among its premisses. Observe also that the linear context of the
argument part of an intuitionistic application, in rule $\mathbf{l\lambda\_iapp}$, is constrained to be empty. The presence
of rule $\mathbf{l\lambda\_redex}$ accounts for the possibility of validating terms containing $\beta$-redices, as defined below.
If we remove it, only $\eta$-long $\beta$-normal (or more succinctly canonical) terms can be derived.

This formulation of the typing semantics of $\lambda^{\to\multimap\&\top}$ is the simply-typed variant of the pre-canonical
system which defines the semantics of the linear type theory underlying LLF [Cer96, CP96]. We direct
the interested reader to these references for the proofs of the statements in this section.

If we ignore the terms and the distinction between the pre-canonical and the pre-atomic judgments,
the rules in Figure 1 correspond to the specification of the familiar inference rules for the ($\to\multimap\&\top$)
fragment of intuitionistic linear logic, $ILL^{\to\multimap\&\top}$ [HM94], presented in a natural deduction style. It is
easy to prove the equivalence to the usual sequent formulation. $\lambda^{\to\multimap\&\top}$ and $ILL^{\to\multimap\&\top}$ are related by
a form of the Curry-Howard isomorphism: the terms that appear on the left of the types in the above
judgments record the structure of a natural deduction proof for the corresponding linear formulas. Note
that the interactions of rules $\mathbf{l\lambda\_unit}$ and $\mathbf{l\lambda\_lapp}$ can flatten distinct proofs to the same $\lambda^{\to\multimap\&\top}$ term.

Extensionality, i.e., the property of validating only $\eta$-long terms, contributes to achieving the simple
and elegant formulation of the pre-unification algorithm for $\lambda^{\to\multimap\&\top}$ described in [CP97]. More
importantly, this property and the subject reduction lemma below account for the possibility of omitting
type information in an implementation of this procedure, an essential efficiency gain. Extensionality is
formalized in the following lemma, whose proof can be easily adapted from [Cer96].

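Lemma 2.1 (Extensionality)

i. If $\Gamma; \Delta \vdash_\Sigma M \Uparrow a$, then $M$ is one of $c$, $x$, $\mathsf{fst}\,N$, $\mathsf{snd}\,N$, $N_1\,\hat{}\,N_2$, $N_1\,N_2$;

ii. If $\Gamma; \Delta \vdash_\Sigma M \Uparrow \top$, then $M = \langle\rangle$;

iii. If $\Gamma; \Delta \vdash_\Sigma M \Uparrow A \,\&\, B$, then $M =$

iv. If $\Gamma; \Delta \vdash_\Sigma M \Uparrow A \multimap B$, then $M = \hat{\lambda}x{:}A.\,N$;

v. If $\Gamma; \Delta \vdash_\Sigma M \Uparrow A \to B$, then $M = \lambda x{:}A.\,N$. □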

2.3 Reduction Semantics

The reduction semantics of $\lambda^{\to\multimap\&\top}$ is given by the congruence relation on terms $\longrightarrow$ based on the
following $\beta$-reduction rules:

$$\begin{array}{lrcl@{\qquad}lrcl}
\beta_{fst}: & \mathsf{fst}\,\langle M, N\rangle & \longrightarrow & M & \beta_{lapp}: & (\hat{\lambda}x{:}A.\,M)\,\hat{}\,N & \longrightarrow & [N/x]M \\
\beta_{snd}: & \mathsf{snd}\,\langle M, N\rangle & \longrightarrow & N & \beta_{iapp}: & (\lambda x{:}A.\,M)\,N & \longrightarrow & [N/x]M
\end{array}$$

The complete definition of $\longrightarrow$ is displayed in Figure 2. If $M \longrightarrow N$ is derivable, then $N$ differs from
$M$ by the reduction of exactly one redex. We denote its reflexive and transitive closure as $\longrightarrow^*$, and use
$\equiv$ for the corresponding equivalence relation. It is easy to show that the rules obtained from Figure 2
by replacing $\longrightarrow$ with $\longrightarrow^*$ (or even with $\equiv$) are admissible. We adopt the standard terminology and
call a term $M$ that does not contain $\beta$-redices normal, or $\beta$-normal. When emphasizing the fact that our
well-typed terms are $\eta$-long, we will instead use the term canonical.

Similarly to $\lambda^{\to}$, $\lambda^{\to\multimap\&\top}$ enjoys a number of highly desirable properties [Cer96]. In particular,
confluence and the Church-Rosser property hold for this language, as expressed by the following lemma:

Theorem 2.2 (Church-Rosser)

Confluence: If $M \longrightarrow^* M'$ and $M \longrightarrow^* M''$, then there is a term $N$ such that
$M' \longrightarrow^* N$ and $M'' \longrightarrow^* N$.

Church-Rosser: If $M' \equiv M''$, then there is a term $N$ such that $M' \longrightarrow^* N$ and $M'' \longrightarrow^* N$. □

Moreover, $\lambda^{\to\multimap\&\top}$ enjoys the following substitution principle (also known as transitivity lemma),
that, among many interpretations, permits viewing variables as unspecified hypothetical derivations to be
instantiated with actual derivations. Notice the different treatment of intuitionistic and linear variables.

Lemma 2.3 (Transitivity)

i. If $\Gamma; \Delta, x{:}B \vdash_\Sigma M \Updownarrow A$ and $\Gamma; \Delta' \vdash_\Sigma N \Uparrow B$, then $\Gamma; \Delta, \Delta' \vdash_\Sigma [N/x]M \Updownarrow A$.

ii. If $\Gamma, x{:}B; \Delta \vdash_\Sigma M \Updownarrow A$ and $\Gamma; \cdot \vdash_\Sigma N \Uparrow B$, then $\Gamma; \Delta \vdash_\Sigma [N/x]M \Updownarrow A$. □

An important computational property of a typed $\lambda$-calculus is subject reduction: it states that
reductions do not alter the typability (and the type) of a term. The lemma below also implies that $\beta$-reductions
do not interfere with extensionality: reducing a redex rewrites $\eta$-long terms to $\eta$-long terms.

Lemma 2.4 (Subject reduction)

If $\Gamma; \Delta \vdash_\Sigma M \Updownarrow A$ and $M \longrightarrow^* N$, then $\Gamma; \Delta \vdash_\Sigma N \Updownarrow A$. □

Our calculus also enjoys strong normalization, i.e., a well-typed term cannot undergo an infinite
sequence of $\beta$-reductions. Said in another way, a normal form will eventually be reached no matter which
$\beta$-redex we choose to reduce first.

Theorem 2.5 (Strong normalization)

If $\Gamma; \Delta \vdash_\Sigma M \Updownarrow A$, then $M$ is strongly normalizing. □


Finally, well-typed terms have unique normal forms, up to the renaming of bound variables. Since
every extension of $\lambda^{\to\multimap\&\top}$ (for example with $\otimes$ and multiplicative pairs) introduces commutative
conversions, this language is the largest linear $\lambda$-calculus for which strong normalization holds and yields
unique normal forms.

Corollary 2.6 (Uniqueness of normal forms)

If $\Gamma; \Delta \vdash_\Sigma M \Updownarrow A$, then there is a unique normal term $N$ such that $M \longrightarrow^* N$. □

We write $Can(M)$ for the canonical form of the term $M$, defined as the $\eta$-expansion of its $\beta$-normal form.
A calculus that validates only canonical terms can easily be obtained from the system in Figure 1 by
removing rule $\mathbf{l\lambda\_redex}$.

To achieve better efficiency in an implementation of this calculus, we sometimes refer to the weak
head-normal form of a term $M$, written $\overline{M}$, that differs from $Can(M)$ for the possible presence of redices
in the arguments of applications. Notice that $\overline{x}$ corresponds to the $\eta$-long form of the variable $x$.

3 The Spine Calculus $S^{\to\multimap\&\top}$

In this section, we present an alternative formulation of $\lambda^{\to\multimap\&\top}$, the spine calculus $S^{\to\multimap\&\top}$, that we
suspect permits achieving more efficient implementation of critical procedures such as unification [CP97].
We describe the syntax, typing and reduction semantics of $S^{\to\multimap\&\top}$ in Sections 3.1, 3.2 and 3.3,
respectively. We will formally state the equivalence of $\lambda^{\to\multimap\&\top}$ and $S^{\to\multimap\&\top}$ in Section 4 and prove major
properties of the spine calculus in Section 5.

3.1 Syntax

Unification algorithms base a number of choices on the nature of the heads of the terms to be unified.
The head is immediately available in the first-order case, and still discernible in $\lambda^{\to}$ since every $\eta$-long
normal or weak head-normal term has the form

$$\lambda x_1{:}A_1.\,\ldots\,\lambda x_n{:}A_n.\; t\,M_1 \ldots M_m$$

where the head $t$ is a constant or a variable and $(t\,M_1 \ldots M_m)$ has base type. The usual parentheses
saving conventions hide the fact that $t$ is indeed deeply buried in the sequence of application and therefore
not immediately accessible. A similar notational trick is not achievable in $\lambda^{\to\multimap\&\top}$ since on the one hand
a term of composite type can have several heads (e.g. $\langle c_1\,\hat{}\,x,\ c_2\,\hat{}\,x\rangle$), possibly none (e.g. $\langle\rangle$), and on the
other hand destructors can be interleaved arbitrarily in a term of base type (e.g. $\mathsf{fst}\,((\mathsf{snd}\,c)\,\hat{}\,x\;y)$).

The spine calculus $S^{\to\multimap\&\top}$ permits recovering both efficient head accesses and notational convenience.
Every atomic term $M$ of $\lambda^{\to\multimap\&\top}$ is written in this presentation as a root $H \cdot S$, where $H$ corresponds
to the head of $M$ and the spine $S$ collects the sequence of destructors applied to it. For example,
$M = (t\,M_1 \ldots M_m)$ is written $U = t \cdot (U_1; \ldots U_m; \mathrm{NIL})$ in this language, where ";" represents application,
NIL identifies the end of the spine, and $U_i$ is the translation of $M_i$. Application and ";" have opposite
associativity so that $M_1$ is the innermost subterm of $M$ while $U_1$ is outermost in the spine of $U$. This
approach was suggested by an empirical study of higher-order logic programs based on $\lambda^{\to}$ terms [MP92]
and is reminiscent of the notion of abstract Böhm trees [Bar80, Her95]; its practical merits in our setting
are currently assessed in an experimental implementation of a unification algorithm for LLF [Cer96, CP96]
and a complete system for an extension of LF. The following grammar describes the syntax of $S^{\to\multimap\&\top}$:
we write constructors as in $\lambda^{\to\multimap\&\top}$, but use new symbols to distinguish a spine operator from the
corresponding term destructor.

$$\begin{array}{lrl@{\qquad}lrl@{\qquad}lrl}
\textit{Terms:} & U ::= & H \cdot S & \textit{Spines:} & S ::= & \mathrm{NIL} & \textit{Heads:} & H ::= & c \mid x \mid U \\
 & \mid & \lambda x{:}A.\,U & & \mid & U; S & & & \\
 & \mid & \hat{\lambda}x{:}A.\,U & & \mid & U\,\hat{;}\,S & & & \\
 & \mid & \langle U_1, U_2\rangle & & \mid & \pi_1 S \mid \pi_2 S & & & \\
 & \mid & \langle\rangle & & & & & &
\end{array}$$

We adopt the same syntactic conventions as in $\lambda^{\to\multimap\&\top}$ and often write $V$ for terms in $S^{\to\multimap\&\top}$. Generic
terms are allowed as heads in order to construct $\beta$-redices. Indeed, normal $S^{\to\multimap\&\top}$ terms have either a
constant or a variable as their heads.

3.2 Typing Semantics

The typing judgments for terms and spines are denoted as follows:

$\Gamma; \Delta \vdash_\Sigma U : A$        $U$ is a term of type $A$ in $\Gamma; \Delta$ and $\Sigma$

$\Gamma; \Delta \vdash_\Sigma S : A > a$        $S$ is a spine from heads of type $A$ to terms of type $a$ in $\Gamma; \Delta$ and $\Sigma$

The latter expresses the fact that given a head $H$ of type $A$, the root $H \cdot S$ has type $a$. Notice that the
target type of a well-typed spine is a base type. This has the desirable effect of permitting only $\eta$-long
terms to be derivable in this calculus: allowing arbitrary types on the right-hand side of the spine typing
judgment corresponds to dropping this property. Abstract Böhm trees [Bar80, Her95] are obtained in
this manner.

The mutual definition of the two typing judgments of $S^{\to\multimap\&\top}$ is given in Figure 3. The rules
concerning terms resemble very closely the definition of the pre-canonical judgment of $\lambda^{\to\multimap\&\top}$, except
for the treatment of heads. The rules for the spine typing judgment are instead related to pre-atomic
typing in $\lambda^{\to\multimap\&\top}$. The opposite associativity that characterizes the spine calculus with respect to the
more traditional formulation is reflected in the manner types are managed in the lower part of Figure 3.

We conclude this section by showing that, as for $\lambda^{\to\multimap\&\top}$, the typing relation of $S^{\to\multimap\&\top}$ validates
only terms in $\eta$-long form, as expressed by the lemma below.
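
Terms

$$\frac{\Gamma; \Delta \vdash_{\Sigma, c:A} S : A > a}{\Gamma; \Delta \vdash_{\Sigma, c:A} c \cdot S : a}\;\mathbf{lS\_con}
\qquad
\frac{\Gamma; \Delta' \vdash_\Sigma U : A \quad \Gamma; \Delta'' \vdash_\Sigma S : A > a}{\Gamma; \Delta', \Delta'' \vdash_\Sigma U \cdot S : a}\;\mathbf{lS\_redex}$$

$$\frac{\Gamma; \Delta \vdash_\Sigma S : A > a}{\Gamma; \Delta, x{:}A \vdash_\Sigma x \cdot S : a}\;\mathbf{lS\_lvar}
\qquad
\frac{\Gamma, x{:}A; \Delta \vdash_\Sigma S : A > a}{\Gamma, x{:}A; \Delta \vdash_\Sigma x \cdot S : a}\;\mathbf{lS\_ivar}$$

$$\frac{}{\Gamma; \Delta \vdash_\Sigma \langle\rangle : \top}\;\mathbf{lS\_unit}
\qquad
\frac{\Gamma; \Delta \vdash_\Sigma U_1 : A_1 \quad \Gamma; \Delta \vdash_\Sigma U_2 : A_2}{\Gamma; \Delta \vdash_\Sigma \langle U_1, U_2\rangle : A_1 \,\&\, A_2}\;\mathbf{lS\_pair}$$

$$\frac{\Gamma; \Delta, x{:}A \vdash_\Sigma U : B}{\Gamma; \Delta \vdash_\Sigma \hat{\lambda}x{:}A.\,U : A \multimap B}\;\mathbf{lS\_llam}
\qquad
\frac{\Gamma, x{:}A; \Delta \vdash_\Sigma U : B}{\Gamma; \Delta \vdash_\Sigma \lambda x{:}A.\,U : A \to B}\;\mathbf{lS\_ilam}$$

Spines

$$\frac{}{\Gamma; \cdot \vdash_\Sigma \mathrm{NIL} : a > a}\;\mathbf{lS\_nil}
\qquad
\text{(No spine rule for } \top\text{)}$$

$$\frac{\Gamma; \Delta \vdash_\Sigma S : A_1 > a}{\Gamma; \Delta \vdash_\Sigma \pi_1 S : A_1 \,\&\, A_2 > a}\;\mathbf{lS\_fst}
\qquad
\frac{\Gamma; \Delta \vdash_\Sigma S : A_2 > a}{\Gamma; \Delta \vdash_\Sigma \pi_2 S : A_1 \,\&\, A_2 > a}\;\mathbf{lS\_snd}$$

$$\frac{\Gamma; \Delta' \vdash_\Sigma U : A \quad \Gamma; \Delta'' \vdash_\Sigma S : B > a}{\Gamma; \Delta', \Delta'' \vdash_\Sigma U\,\hat{;}\,S : A \multimap B > a}\;\mathbf{lS\_lapp}
\qquad
\frac{\Gamma; \cdot \vdash_\Sigma U : A \quad \Gamma; \Delta \vdash_\Sigma S : B > a}{\Gamma; \Delta \vdash_\Sigma U; S : A \to B > a}\;\mathbf{lS\_iapp}$$

Figure 3: Typing for $\eta$-long $S^{\to\multimap\&\top}$ Terms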


Lemma 3.1 (Extensionality)

i. If $\Gamma; \Delta \vdash_\Sigma U : a$, then $U = H \cdot S$;

ii. If $\Gamma; \Delta \vdash_\Sigma U : \top$, then $U = \langle\rangle$;

iii. If $\Gamma; \Delta \vdash_\Sigma U : A \,\&\, B$, then $U = \langle V_1, V_2\rangle$;

iv. If $\Gamma; \Delta \vdash_\Sigma U : A \multimap B$, then $U = \hat{\lambda}x{:}A.\,V$;

v. If $\Gamma; \Delta \vdash_\Sigma U : A \to B$, then $U = \lambda x{:}A.\,V$.


Proof.

By inversion on the given derivations. □

Notice how the structure of $S^{\to\multimap\&\top}$ terms, in particular the availability of roots, permits a leaner
statement of extensionality as compared with the traditional formulation in Lemma 2.1.


3.3  Reduction  Semantics 


We will now concentrate on the reduction semantics of $S^{\to\multimap\&\top}$. The natural translation of the $\beta$-rules
of $\lambda^{\to\multimap\&\top}$ (right) yields the $\beta$-reductions displayed on the left-hand side of the following table:

$\langle U, V\rangle \cdot (\pi_1 S) \xrightarrow{S}_\beta U \cdot S$          $\mathrm{FST}\ \langle M, N\rangle \longrightarrow M$
$\langle U, V\rangle \cdot (\pi_2 S) \xrightarrow{S}_\beta V \cdot S$          $\mathrm{SND}\ \langle M, N\rangle \longrightarrow N$
$(\hat{\lambda}x:A.\ U) \cdot (V \mathbin{\hat{;}} S) \xrightarrow{S}_\beta [V/x]U \cdot S$          $(\hat{\lambda}x:A.\ M)\,{}^{\wedge}N \longrightarrow [N/x]M$
$(\lambda x:A.\ U) \cdot (V ; S) \xrightarrow{S}_\beta [V/x]U \cdot S$          $(\lambda x:A.\ M)\ N \longrightarrow [N/x]M$

The trailing spine in the reductions for $S^{\to\multimap\&\top}$ is a consequence of the fact that this language reverses the
nesting order of $\lambda^{\to\multimap\&\top}$ destructors. We call the expression patterns on the left-hand side of the arrow
$\beta$-redices. We write $\xrightarrow{S}_\beta$ for the congruence relation based on these rules and overload this notation to
apply to both terms and spines. We denote the reflexive and transitive closure of this relation as $\xrightarrow{S}{}^*_\beta$.
Formal inference rules for $\xrightarrow{S}_\beta$ are obtained by considering the two upper and the lower segments of
Figure 4.

The structure of roots in the spine calculus makes one more reduction rule necessary, namely:

$(H \cdot S) \cdot \text{NIL} \xrightarrow{S}_{\mathrm{NIL}} H \cdot S$

We call this rule NIL-reduction, its left-hand side a NIL-redex and write $\xrightarrow{S}_{\mathrm{NIL}}$ for the congruence relation,
for both terms and spines, built on top of it. It is formally defined by the topmost three parts of Figure 4.
We denote its reflexive and transitive closure as $\xrightarrow{S}{}^*_{\mathrm{NIL}}$ and the corresponding equivalence relation as
$\stackrel{S}{=}_{\mathrm{NIL}}$.

We write $\xrightarrow{S}$ for the union of $\xrightarrow{S}_\beta$ and $\xrightarrow{S}_{\mathrm{NIL}}$. It is the congruence relation obtained by allowing
the use of both $\beta$-reductions and the NIL-reduction. This is the relation we will use as the basis of
the reduction semantics of $S^{\to\multimap\&\top}$. We reserve $\xrightarrow{S}{}^*$ for its reflexive and transitive closure, and $\stackrel{S}{=}$
for the corresponding equivalence relation. The complete definition of $\xrightarrow{S}$ is displayed in Figure 4. As
for $\lambda^{\to\multimap\&\top}$, the rules obtained from this figure by replacing $\xrightarrow{S}$ with $\xrightarrow{S}{}^*$ are admissible. This fact
will enable us to lift every result below mentioning $\xrightarrow{S}$ (possibly as $\xrightarrow{S}_\beta$ or $\xrightarrow{S}_{\mathrm{NIL}}$) to corresponding
properties of $\xrightarrow{S}{}^*$ ($\xrightarrow{S}{}^*_\beta$ or $\xrightarrow{S}{}^*_{\mathrm{NIL}}$, respectively).

Finally, a $S^{\to\multimap\&\top}$ term or spine that does not contain any $\beta$- or NIL-redex is called normal. We
use instead the adjective canonical when this object is also in $\eta$-long form. By the above extensionality
property, every well-typed normal term is canonical.

NIL-reduction appears as an omnipresent nuisance when investigating the meta-theory of $S^{\to\multimap\&\top}$
in Section 5. Fortunately, we can isolate the main properties of $\xrightarrow{S}_{\mathrm{NIL}}$ and, by the very nature of the
NIL-reduction, achieve simple proofs of these results. We will therefore dedicate the remainder of this
section to this task.

The analysis of the interplay between typing and NIL-reduction reveals that this relation enjoys the
subject reduction property, as stated by the following lemma. Here and below, we abbreviate the phrases
“the judgment $J$ has derivation $\mathcal{J}$” and “there is a derivation $\mathcal{J}$ of the judgment $J$” as $\mathcal{J} :: J$.


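Lemma 3.2 (NIL-reduction preserves typing)

i. If $\mathcal{U} :: \Gamma; \Delta \vdash_\Sigma U : A$ and $\mathcal{R} :: U \xrightarrow{S}_{\mathrm{NIL}} U'$, then $\mathcal{U}' :: \Gamma; \Delta \vdash_\Sigma U' : A$.

ii. If $\mathcal{S} :: \Gamma; \Delta \vdash_\Sigma S : A > a$ and $\mathcal{R} :: S \xrightarrow{S}_{\mathrm{NIL}} S'$, then $\mathcal{S}' :: \Gamma; \Delta \vdash_\Sigma S' : A > a$.

Proof.

By induction on the structure of $\mathcal{R}$ and inversion on $\mathcal{U}$ and $\mathcal{S}$. □

A further property, that we will use in Section 5, is that the use of NIL-reduction in the reverse direction,
i.e., as an expansion rule, preserves typing too.

Lemma 3.3 (NIL-expansion preserves typing)

i. If $\mathcal{R} :: U \xrightarrow{S}_{\mathrm{NIL}} U'$ and $\mathcal{U}' :: \Gamma; \Delta \vdash_\Sigma U' : A$, then $\mathcal{U} :: \Gamma; \Delta \vdash_\Sigma U : A$.

ii. If $\mathcal{R} :: S \xrightarrow{S}_{\mathrm{NIL}} S'$ and $\mathcal{S}' :: \Gamma; \Delta \vdash_\Sigma S' : A > a$, then $\mathcal{S} :: \Gamma; \Delta \vdash_\Sigma S : A > a$.

Proof.

By induction on the structure of $\mathcal{R}$ and inversion on $\mathcal{U}'$ and $\mathcal{S}'$. □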

We now concentrate on the properties of $S^{\to\multimap\&\top}$ and $\xrightarrow{S}_{\mathrm{NIL}}$ as a rewriting system. An application
of rule Sr_nil reduces a NIL-redex by eliminating a trailing NIL spine. Therefore, only as many
NIL-reductions can be chained starting from a given term as the number of NIL-redices present in it. This
implies that any sequence of NIL-reductions is terminating in $S^{\to\multimap\&\top}$.

Lemma 3.4 (Strong NIL-normalization)

Every maximal sequence of NIL-reductions starting at a term $U$ (spine $S$) is finite.

Proof.

A formal proof goes by induction on the structure of $U$ and $S$. □

This property entails also that, given a term $U$, there is only a finite number of terms $V$ such that
$U \xrightarrow{S}{}^*_{\mathrm{NIL}} V$ is derivable. Therefore checking whether $U \xrightarrow{S}{}^*_{\mathrm{NIL}} V$ has a derivation is decidable. Clearly,
these results hold also for spines.

If the NIL-reduction rule is applicable in two positions in a term, the resulting terms can be brought to
a common reduct by a further application (unless they are already identical). This property is formalized
in the following local confluence lemma, which applies equally to terms and spines.
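
Lemma 3.5 (Local confluence)

If $\mathcal{R}' :: U \xrightarrow{S}_{\mathrm{NIL}} U'$ and $\mathcal{R}'' :: U \xrightarrow{S}_{\mathrm{NIL}} U''$, then either $U' = U''$ or there is a term $V$ such that
$\mathcal{R}^* :: U' \xrightarrow{S}_{\mathrm{NIL}} V$ and $\mathcal{R}^{**} :: U'' \xrightarrow{S}_{\mathrm{NIL}} V$, and similarly for spines.

Proof.

By simultaneous induction on the structure of $\mathcal{R}'$ and $\mathcal{R}''$. □

Well-known results in term rewriting theory [DJ90] allow lifting this property, in the presence of
termination, to the reflexive and transitive closure of $\xrightarrow{S}_{\mathrm{NIL}}$.

Corollary 3.6 (Confluence)

If $\mathcal{R}' :: U \xrightarrow{S}{}^*_{\mathrm{NIL}} U'$ and $\mathcal{R}'' :: U \xrightarrow{S}{}^*_{\mathrm{NIL}} U''$, then there is a term $V$ such that $\mathcal{R}^* :: U' \xrightarrow{S}{}^*_{\mathrm{NIL}} V$
and $\mathcal{R}^{**} :: U'' \xrightarrow{S}{}^*_{\mathrm{NIL}} V$, and similarly for spines.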


We say that a term or a spine is in NIL-normal form if it does not contain any NIL-redex. Since $\xrightarrow{S}_{\mathrm{NIL}}$
eliminates a NIL-redex, an exhaustive application to a term $U$ (a spine $S$) yields a NIL-normal term (spine,
respectively). A combination of the results above ensures that a NIL-normal form is eventually found (by
the termination lemma), and that it is unique (by confluence). This is the essence of the uniqueness
lemma below.

Lemma 3.7 (Uniqueness of NIL-normal forms)

For every term $U$ (spine $S$) there is a unique NIL-normal term $V$ (spine $S'$) such that $U \xrightarrow{S}{}^*_{\mathrm{NIL}} V$
($S \xrightarrow{S}{}^*_{\mathrm{NIL}} S'$, respectively).

Proof.

Since $\xrightarrow{S}_{\mathrm{NIL}}$ is terminating, there is at least one term $V$ such that $U \xrightarrow{S}{}^*_{\mathrm{NIL}} V$ is derivable and such
that $V$ does not admit further NIL-reductions. Then $V$ cannot contain any NIL-redex.

Assume that there are two such terms, $V'$ and $V''$ say. Then by confluence, they must have a common
NIL-reduct $V$. However, since neither $V'$ nor $V''$ admits NIL-reductions, it must be the case that
$V' = V'' = V$.

A similar analysis applies to spines. □

We denote the NIL-normal form of a term $U$ and a spine $S$ as $\mathrm{NF}_{\mathrm{NIL}}(U)$ and $\mathrm{NF}_{\mathrm{NIL}}(S)$, respectively.
Furthermore, we write $S_0^{\to\multimap\&\top}$ for the sublanguage of $S^{\to\multimap\&\top}$ that consists only of NIL-normal terms.

In Section 5, we will take advantage of the following technical result that states that substitution
preserves NIL-reducibility.

Lemma 3.8 (Substitution)

i. If $\mathcal{R} :: U \xrightarrow{S}_{\mathrm{NIL}} U'$ and $\mathcal{R}_V :: V \xrightarrow{S}_{\mathrm{NIL}} V'$, then $\mathcal{R}' :: [V/x]U \xrightarrow{S}{}^*_{\mathrm{NIL}} [V'/x]U'$.

ii. If $\mathcal{R} :: S \xrightarrow{S}_{\mathrm{NIL}} S'$ and $\mathcal{R}_V :: V \xrightarrow{S}_{\mathrm{NIL}} V'$, then $\mathcal{R}' :: [V/x]S \xrightarrow{S}{}^*_{\mathrm{NIL}} [V'/x]S'$.

Proof.

By induction on the structure of $\mathcal{R}$. □

We conclude this section by analyzing how NIL-reduction interacts with the $\beta$-reduction rules of
$S^{\to\multimap\&\top}$. The interesting result is that NIL-reductions can always be pushed past $\beta$-reductions, as
expressed by the following lemma. We render this property graphically by means of the diagram on the
right: derivations given as assumptions are represented with full lines, while derivations whose existence
needs to be shown are displayed using dotted edges. For typographic reasons, we use a double arrow
rather than a star (*) in order to denote the reflexive and transitive closure of a relation.
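
Lemma 3.9 (Postponing NIL-reductions)

If $\mathcal{R}_{\mathrm{NIL}} :: U \xrightarrow{S}_{\mathrm{NIL}} V'$ and $\mathcal{R}_\beta :: V' \xrightarrow{S}_\beta V$, then there is a term $U'$
such that $\mathcal{R}'_\beta :: U \xrightarrow{S}_\beta U'$ and $\mathcal{R}'_{\mathrm{NIL}} :: U' \xrightarrow{S}{}^*_{\mathrm{NIL}} V$,
and similarly for spines.

Proof.

By induction on the structure of $\mathcal{R}_{\mathrm{NIL}}$. □

[Diagram for Lemma 3.9, with nodes $U$, $V'$, $V$ and $U'$.]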


Notice that postponing a NIL-reduction can lead to any number of instances of it, possibly zero. They
should all be reduced to have the above diagram commute. Indeed, on the one hand, the application
of intuitionistic $\beta$-reduction (rule Sr_beta_int) can result in several copies of an argument containing a
NIL-redex, possibly none. On the other hand, rules Sr_beta_fst and Sr_beta_snd can project away a
term containing a NIL-redex.

Observe that the dual property of pushing $\beta$-reductions past NIL-reductions does not hold in general.
Consider for example the following sequence of reductions:

$\langle c \cdot \text{NIL}, d \cdot \text{NIL}\rangle \cdot (\pi_1 \text{NIL}) \xrightarrow{S}_\beta (c \cdot \text{NIL}) \cdot \text{NIL} \xrightarrow{S}_{\mathrm{NIL}} c \cdot \text{NIL}$

The two reductions cannot be interchanged since the original term, $\mathrm{FST}\ \langle c, d\rangle$ in the traditional notation,
does not contain a NIL-redex. The problem is that, while performing a NIL-reduction does not introduce
$\beta$-redices, carrying out a $\beta$-reduction can create new NIL-redices.
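
The two observations above, replayed in an added Python example that is not part of the paper. It encodes untyped spine-calculus terms as nested tuples; the encoding, the function names and the sample term `dup` are assumptions of this example, and bound names are assumed never to clash with free names, so substitution does no renaming.

```python
# Constructed example, not code from the paper. Types are omitted.
#   terms  U: ("unit",) | ("pair", U1, U2) | ("lam", kind, x, U) | ("root", H, S)
#   heads  H: a str (constant or variable) or a term U
#   spines S: ("nil",) | ("app", kind, U, S) | ("fst", S) | ("snd", S)
# kind is "lin" or "int". Assumption: bound variable names never clash with
# free names of a substituted term, so no renaming is needed.
NIL = ("nil",)


def root(head, spine=NIL):
    """The root H . S."""
    return ("root", head, spine)


def subst(v, x, t):
    """[v/x]t for a term or spine t; a head x is replaced by the term v."""
    tag = t[0]
    if tag in ("unit", "nil"):
        return t
    if tag == "pair":
        return ("pair", subst(v, x, t[1]), subst(v, x, t[2]))
    if tag == "lam":
        return t if t[2] == x else ("lam", t[1], t[2], subst(v, x, t[3]))
    if tag == "app":
        return ("app", t[1], subst(v, x, t[2]), subst(v, x, t[3]))
    if tag in ("fst", "snd"):
        return (tag, subst(v, x, t[1]))
    head, spine = t[1], t[2]                      # tag == "root"
    if head == x:
        head = v
    elif not isinstance(head, str):
        head = subst(v, x, head)
    return root(head, subst(v, x, spine))


def beta_step(t):
    """Contract a beta-redex at the top of t; None if t is not one."""
    if t[0] != "root" or isinstance(t[1], str):
        return None
    head, spine = t[1], t[2]
    if head[0] == "pair" and spine[0] in ("fst", "snd"):
        return root(head[1] if spine[0] == "fst" else head[2], spine[1])
    if head[0] == "lam" and spine[0] == "app" and head[1] == spine[1]:
        return root(subst(spine[2], head[2], head[3]), spine[3])
    return None


def is_nil_redex(t):
    """True for (H . S) . NIL: a root whose head is a root and whose spine is NIL."""
    return (t[0] == "root" and not isinstance(t[1], str)
            and t[1][0] == "root" and t[2] == NIL)


def nil_redexes(t):
    """Number of NIL-redexes occurring anywhere in a term or spine."""
    return int(is_nil_redex(t)) + sum(
        nil_redexes(c) for c in t[1:] if isinstance(c, tuple))


def nil_normal(t):
    """NIL-normal form, contracting NIL-redexes innermost first."""
    t = tuple(nil_normal(c) if isinstance(c, tuple) else c for c in t)
    return t[1] if is_nil_redex(t) else t


c, d = root("c"), root("d")

# The counterexample from the text: <c.NIL, d.NIL> . (pi1 NIL)
proj = root(("pair", c, d), ("fst", NIL))
proj_beta = beta_step(proj)                        # (c.NIL).NIL

# Postponement: the intuitionistic argument holds one NIL-redex and x occurs twice.
body = root("f", ("app", "int", root("x"), ("app", "int", root("x"), NIL)))
dup = root(("lam", "int", "x", body), ("app", "int", root(c), NIL))
nil_then_beta = beta_step(nil_normal(dup))         # U ->NIL V' ->beta V
beta_first = beta_step(dup)                        # U ->beta U'

if __name__ == "__main__":
    print(nil_redexes(proj), nil_redexes(proj_beta), nil_normal(proj_beta) == c)
    print(nil_redexes(dup), nil_redexes(beta_first), nil_redexes(nil_then_beta))
    print(nil_normal(beta_first) == nil_normal(nil_then_beta))
```

In `dup`, reducing the NIL-redex first leaves three NIL-redexes after the β-step, while taking the β-step first leaves five: the single postponed NIL-redex has become two copies, and both paths share one NIL-normal form.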

4 Relationship between $\lambda^{\to\multimap\&\top}$ and $S^{\to\multimap\&\top}$

There exists a structural translation of terms in $\lambda^{\to\multimap\&\top}$ to terms in $S^{\to\multimap\&\top}$ and vice versa. As we will
see in this section, this translation preserves typing and $\beta$-reductions, so that $\lambda^{\to\multimap\&\top}$ and $S^{\to\multimap\&\top}$ share
the same properties on well-typed ($\eta$-long) terms, and are therefore equivalent for practical purposes.
However, $S^{\to\multimap\&\top}$ is structurally richer than $\lambda^{\to\multimap\&\top}$ in the sense that it permits terms containing
NIL-redices, which are indistinguishable from their NIL-normal form in the more traditional formulation.
Therefore, we will treat the two directions of the translation separately. In Section 4.1 we will introduce
a mapping of $\lambda^{\to\multimap\&\top}$ to $S^{\to\multimap\&\top}$ and prove its soundness with respect to typing. In Section 4.2, we will
instead develop the machinery to prove the soundness of this translation with respect to the reduction
semantics of the two languages. We introduce the reverse translation in Section 4.3 and establish its
soundness with respect to reduction in Section 4.4. Sections 4.2 and 4.4 are rather technical; the casual
reader should be able to skip them and still follow the overall discussion.

4.1 $\lambda S$: A Translation from $\lambda^{\to\multimap\&\top}$ to $S^{\to\multimap\&\top}$

The translation from $\lambda^{\to\multimap\&\top}$ to $S^{\to\multimap\&\top}$, abbreviated $\lambda S$, maps the uniform notion of $\lambda^{\to\multimap\&\top}$ term to
the roots, terms and spines of $S^{\to\multimap\&\top}$, depending on the structure of the original term. $\lambda S$ is specified
by means of the following judgments:

$M \xrightarrow{\lambda S} U$          $M$ translates to $U$

$M \setminus S \xrightarrow{\lambda S} U$          $M$ translates to $U$, given spine $S$

The rules defining them are displayed in Figure 5. When translating a pre-atomic $\lambda^{\to\multimap\&\top}$ term $M$ by
means of the second judgment, the spine $S$ acts as an accumulator for the destructors appearing in $M$.
This indirection is needed to cope with the opposite associativity of spines in $S^{\to\multimap\&\top}$ and destructor
nesting in $\lambda^{\to\multimap\&\top}$. The side conditions in rules λS_atm and λS_redex specify the admissible structure
of their first argument ($M$); they could be avoided by specializing these rules to take into account the
different possibilities they encompass. Notice that, for each of the two judgments of $\lambda S$, the structure of
the first argument determines uniquely which rule can be used in the translation process.

We can immediately prove the faithfulness of this translation with respect to typing. This result
expresses the adequacy of the system in Figure 3 as an emulation of the typing semantics of $\lambda^{\to\multimap\&\top}$.
We will take advantage of this fact below.

Theorem 4.1 (Soundness of $\lambda S$ for typing)

i. If $\mathcal{C} :: \Gamma; \Delta \vdash_\Sigma M \Uparrow A$, then $\mathcal{T} :: M \xrightarrow{\lambda S} U$ and $\mathcal{U} :: \Gamma; \Delta \vdash_\Sigma U : A$;

ii. If $\mathcal{A} :: \Gamma; \Delta_1 \vdash_\Sigma M \downarrow A$ and $\mathcal{S} :: \Gamma; \Delta_2 \vdash_\Sigma S : A > a$, then $\mathcal{T} :: M \setminus S \xrightarrow{\lambda S} V$ and
$\mathcal{U} :: \Gamma; \Delta_1, \Delta_2 \vdash_\Sigma V : a$.

Proof.

By simultaneous induction on the structure of $\mathcal{C}$ and $\mathcal{A}$. The cases concerning rules lλ_atm and
lλ_redex require some care in order to satisfy the side conditions in rules λS_atm and λS_redex,
respectively. □

Notice that this statement implies not only that types are preserved during the translation process,
but also, by virtue of extensionality, that $\eta$-long objects of $\lambda^{\to\multimap\&\top}$ are mapped to $\eta$-long terms in the
spine calculus.

We will obtain an indirect proof of the completeness of $\lambda S$ with respect to typing in Section 4.3. As
a preparatory step, we dedicate the remainder of this section to getting some insight into the manner $\lambda S$
operates.

We first show that $\lambda S$ is a function, i.e., that every term has a unique translation. It is interesting to
observe that it is not defined over all of $\lambda^{\to\multimap\&\top}$. For example, the term $\mathrm{FST}\ \langle\rangle$ has no translation since
no rule can derive a judgment of the form $\langle\rangle \setminus S \xrightarrow{\lambda S} U$, whichever $S$ and $U$ are. Although it suffices to
add the possibility of having $M = \langle\rangle$ in the side condition of rule λS_redex to eliminate this apparent
anomaly, we are not interested in such a term since it is ill-typed. Instead, we fix the domain of $\lambda S$ to
be the set of typable (i.e., either pre-canonical or pre-atomic) terms in $\lambda^{\to\multimap\&\top}$. The following lemma
establishes the functionality of the translation.

Lemma 4.2 (Functionality of $\lambda S$)

i. If $\mathcal{C} :: \Gamma; \Delta \vdash_\Sigma M \Uparrow A$, then there is a unique term $U$ such that $\mathcal{T} :: M \xrightarrow{\lambda S} U$.

ii. If $\mathcal{A} :: \Gamma; \Delta \vdash_\Sigma M \downarrow A$ and $\mathcal{S} :: \Gamma; \Delta' \vdash_\Sigma S : A > a$, then there is a unique term $U$ such that
$\mathcal{T} :: M \setminus S \xrightarrow{\lambda S} U$.

Proof.

The proof proceeds by induction on the structure of $M$, or equivalently on the structure of $\mathcal{C}$ and $\mathcal{A}$.
The typing judgments, in particular $\mathcal{A}$, serve the only purpose of preventing considering the case $M = \langle\rangle$
in (ii), for which no rule of $\lambda S$ is applicable. □

$\lambda S$ translates every term in $\lambda^{\to\multimap\&\top}$ to an object in NIL-normal form. Therefore, the range of this
function is the set of well-typed terms in $S_0^{\to\multimap\&\top}$, as depicted in Figure 6, and formally stated below.

Lemma 4.3 (Range of $\lambda S$)

i. If $\mathcal{T} :: M \xrightarrow{\lambda S} U$, then $U$ is in NIL-normal form.

ii. If $\mathcal{T} :: M \setminus S \xrightarrow{\lambda S} U$ and $S$ is in NIL-normal form, then $U$ is in NIL-normal form.

Proof.

The proof proceeds by induction on the structure of $\mathcal{T}$. □

$\lambda S$ is actually a bijection between the set of well-typed terms in $\lambda^{\to\multimap\&\top}$ and the set of well-typed
objects in $S_0^{\to\multimap\&\top}$. We delay proving this property till Section 4.3, when discussing its inverse.

4.2 Soundness of $\lambda S$ with respect to Reduction

We have seen in the previous section that $\lambda S$ is sound with respect to the typing semantics of $\lambda^{\to\multimap\&\top}$
and $S^{\to\multimap\&\top}$. We dedicate the present section to proving that it preserves also reductions. This task is
surprisingly complex for a number of reasons.

• Firstly, $\beta$-reductions in $\lambda^{\to\multimap\&\top}$ do not correspond to $\beta$-reductions in $S^{\to\multimap\&\top}$, but in general to
$\beta$-reductions followed by zero or more NIL-reductions. Therefore, most statements below will mention
unexpected NIL-reductions.

• Secondly, the reduction semantics of $S^{\to\multimap\&\top}$ is specialized to $\eta$-long forms. Consider for example
the $\lambda^{\to\multimap\&\top}$ term

$M = (\lambda x:a.\ f\ x)\ c\ d$

for appropriate declarations of $f$, $c$ and $d$ (the latter two of base type). This term is not in $\eta$-long
form (its $\eta$-expansion is $(\lambda x:a.\ \lambda y:a'.\ f\ x\ y)\ c\ d$). $M$ reduces to the canonical form

$N = f\ c\ d$

whose translation in $S^{\to\multimap\&\top}$ is

$V = f \cdot ((c \cdot \text{NIL}); (d \cdot \text{NIL}); \text{NIL})$

On the other hand, $\lambda S$ would translate $M$ to the $S^{\to\multimap\&\top}$ term

$U = (\lambda x:a.\ f \cdot (x \cdot \text{NIL}); \text{NIL}) \cdot ((c \cdot \text{NIL}); (d \cdot \text{NIL}); \text{NIL})$

which cannot be reduced further than

$(f \cdot (c \cdot \text{NIL}); \text{NIL}) \cdot ((d \cdot \text{NIL}); \text{NIL})$,

a different term from $V$. $V$ can however be recovered by appending the spines. Such a step proved
compulsory in the implementation of LF as the new programming language Twelf. Indeed, types
left implicit by the user are reconstructed through unification, but since not all typing information
is available at this stage, $\eta$-long forms cannot be achieved. Therefore, this preprocessing phase
cannot take advantage of the strong invariants that derive from extensionality. In particular, spines
occasionally need to be appended.

As we can see from this example, $\lambda S$ does not commute with reduction in the general case. We can
track the problem to the fact that, while $\beta$-reduction and extensionality are orthogonal concepts
in $\lambda^{\to\multimap\&\top}$, they are intimately related in $S^{\to\multimap\&\top}$. Indeed, analyzing the spine calculus in the
absence of extensionality requirements reveals the NIL-reduction rule as the degenerated form of a
general $\eta$-expansion rule.

However, as long as we are interested only in $\eta$-long terms, the definitions given in the previous
section ensure that $\lambda S$ is sound with respect to the reduction semantics of our calculi. Therefore,
we need to pay particular attention to operating only on $\eta$-long terms. We achieve this purpose
indirectly by requiring explicitly that all the $\lambda^{\to\multimap\&\top}$ terms we consider be well-typed. This is
stricter than needed, but typing is the only way we can enforce extensionality.

Rules lr_beta_lin and lr_beta_int generate their reduct by means of a meta-level substitution. The
corresponding reductions in $S^{\to\multimap\&\top}$ operate in a similar way. Therefore, we need to show that $\lambda S$
commutes reasonably well with substitution. This is achieved in the following lemma, where “reasonably
well” means modulo NIL-reductions.

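Lemma 4.4 (Substitution in $\lambda S$)

i. Assume that $\mathcal{C} :: \Gamma; \Delta \vdash_\Sigma M \Uparrow A$, $\mathcal{C}_N :: \Gamma; \Delta'' \vdash_\Sigma N \Uparrow B$ and $x : B$ occurs in either $\Gamma$ or $\Delta$.

If $\mathcal{T} :: M \xrightarrow{\lambda S} U$ and $\mathcal{T}_N :: N \xrightarrow{\lambda S} V$, then $\mathcal{T}' :: [N/x]M \xrightarrow{\lambda S} V'$ where $\mathcal{R} :: [V/x]U \xrightarrow{S}{}^*_{\mathrm{NIL}} V'$.

ii. Assume that $\mathcal{A} :: \Gamma; \Delta \vdash_\Sigma M \downarrow A$, $\mathcal{S} :: \Gamma; \Delta'' \vdash_\Sigma S : A > a$, $\mathcal{C}_N :: \Gamma; \Delta' \vdash_\Sigma N \Uparrow B$ and $x : B$
occurs in either $\Gamma$, $\Delta$ or $\Delta''$.

If $\mathcal{T} :: M \setminus S \xrightarrow{\lambda S} U$ and $\mathcal{T}_N :: N \xrightarrow{\lambda S} V$, then $\mathcal{T}' :: [N/x]M \setminus [V/x]S \xrightarrow{\lambda S} V'$ where
$\mathcal{R} :: [V/x]U \xrightarrow{S}{}^*_{\mathrm{NIL}} V'$.

Proof.

The proof proceeds by induction on the structure of $\mathcal{T}$ and then by case distinction on the structure
of $\mathcal{C}_N$. All cases are quite simple except for the situation where $M$ is precisely $x$ (subcase of rule λS_var
in part (ii) of this lemma). We will analyze this situation in detail since a similar proof pattern will
appear again further.

Assume therefore that

$$\mathcal{T} = \dfrac{}{x \setminus S \xrightarrow{\lambda S} x \cdot S}\ \textbf{λS\_var}$$

Thus, $M = x$, $U = x \cdot S$, $B = A$, $\mathcal{A}$ is either lλ_lvar, lλ_ivar, or exposes one of them after traversing
alternations of instances of lλ_redex and lλ_atm, and $\mathcal{C}_N :: \Gamma; \Delta' \vdash_\Sigma N \Uparrow A$.

We make a case distinction on the last rule applied in $\mathcal{C}_N$.

Subcase lλ_atm

Then, $A = a'$ for some base type $a'$. By inversion on $\mathcal{S}$, we deduce that $a' = a$ and $S = \text{NIL}$. By
extensionality, we further obtain that $N = c$, $N = y$, $N = \mathrm{FST}\ N'$, $N = \mathrm{SND}\ N'$, $N = N'\,{}^{\wedge}N''$ or
$N = N'\ N''$.

By inversion on rule λS_atm for $\mathcal{T}_N$, we have that $V = H_V \cdot S_V$ and that there is a derivation $\mathcal{T}'$
of $N \setminus \text{NIL} \xrightarrow{\lambda S} (H_V \cdot S_V)$, i.e., of $[N/x]x \setminus [V/x]\text{NIL} \xrightarrow{\lambda S} (H_V \cdot S_V)$. Now simply set $\mathcal{R}$ to

$$\dfrac{}{(H_V \cdot S_V) \cdot \text{NIL} \xrightarrow{S}_{\mathrm{NIL}} H_V \cdot S_V}\ \textbf{Sr\_beta\_nil}$$

as a derivation of $[V/x](x \cdot \text{NIL}) \xrightarrow{S}{}^*_{\mathrm{NIL}} V$.

Subcase lλ_unit

Then, $A = \top$, but no rule can start a derivation of $\Gamma; \Delta'' \vdash_\Sigma S : \top > a$. Therefore, this case cannot
possibly arise.

Other subcases

By inversion, $N = \langle N_1, N_2\rangle$, $N = \hat{\lambda}y:A'.\ N'$ or $N = \lambda y:A'.\ N'$. We apply rule λS_redex to
$\mathcal{T}_N :: N \xrightarrow{\lambda S} V$ to obtain a derivation $\mathcal{T}'$ of $N \setminus [V/x]S \xrightarrow{\lambda S} V \cdot [V/x]S$, i.e., of
$[N/x]x \setminus [V/x]S \xrightarrow{\lambda S} [V/x](x \cdot S)$. Simply take the identity as $\mathcal{R}$. □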


We need one more technical result prior to tackling the main theorem of this section. More precisely,
we need to show that, when translating a pre-atomic term, reductions to the accessory spine are mapped
directly to reductions in the resulting $S^{\to\multimap\&\top}$ term, as expressed by the diagram on the right. In
particular, $\beta$-reductions are mapped to $\beta$-reductions and NIL-reductions yield NIL-reductions. Notice that
the statement below does not mention typing derivations. Indeed it applies to generic terms, possibly
ill-typed or not in $\eta$-long form.

Lemma 4.5 (Spine reduction)

i. If $\mathcal{T} :: M \setminus S \xrightarrow{\lambda S} V$ and $\mathcal{R} :: S \xrightarrow{S}_\beta S'$, then there is a term
$V'$ such that $\mathcal{T}' :: M \setminus S' \xrightarrow{\lambda S} V'$ and $\mathcal{R}' :: V \xrightarrow{S}_\beta V'$.

ii. If $\mathcal{T} :: M \setminus S \xrightarrow{\lambda S} V$ and $\mathcal{R} :: S \xrightarrow{S}_{\mathrm{NIL}} S'$, then there is a term
$V'$ such that $\mathcal{T}' :: M \setminus S' \xrightarrow{\lambda S} V'$ and $\mathcal{R}' :: V \xrightarrow{S}_{\mathrm{NIL}} V'$.

Proof.

This straightforward proof proceeds by induction on the structure of $\mathcal{R}$. □

[Diagram for Lemma 4.5, with nodes $M \setminus S$, $V$, $M \setminus S'$ and $V'$.]

It is easy to show that this result remains valid when considering the transitive and reflexive closure of
the involved relations, or even $\xrightarrow{S}$.

At this point, we are in a position to prove that $\lambda S$ is sound with respect to the reduction semantics
of $\lambda^{\to\multimap\&\top}$ and $S^{\to\multimap\&\top}$. This property is schematized by the diagram on the right.

Theorem 4.6 (Soundness of $\lambda S$ for reducibility)


t.  Assume  that  C  ::  ,  ;  A  l~s  M  f\  A. 

If  1Z  ::  M  — >  N  and  T  ::  M  ^A  U ,  then  there  are  terms 

V  and  V  such  that  IZp  ::  U  —^p  V,  1Zmh  ::  V  -AjuV'  and 

V  ::  N  -^A  V. 


M  ■ 


A  S 


U  ■ 


■  N 


V 


n.  Assume  that  A  :: 
If  11::  M  — >  N 
Up  ::  U  A/,  V, 


,  ;  Ai  hs  M  l  A  and  S  ::  ,  ;  A2  l~s  S  :  A  >  a. 

and  T  M\S  —A  IJ,  then  there  are  terms  V  and  V  such  that 
Time  ■■  V  A;il  V  and  V  ::  N\S  ^A  V. 


'■.xs 


s 


\ 


V 


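Proof.

The proof proceeds by induction on the structure of $\mathcal{R}$ and inversion on $\mathcal{A}$, $\mathcal{C}$, $\mathcal{T}$ and $\mathcal{S}$. All cases are
straightforward with the exception of the treatment of the $\beta$-reduction steps of $\lambda^{\to\multimap\&\top}$ (rules lr_beta_fst,
lr_beta_snd, lr_beta_lin and lr_beta_int) and rules lr_lapp2 and lr_iapp2, that require some care.
We develop in full the cases where the last rule applied in $\mathcal{R}$ is either lr_beta_lin or lr_lapp2.

Case lr_beta_lin (i)

Then

$$\mathcal{R} = \dfrac{}{(\hat{\lambda}x:A'.\ M')\,{}^{\wedge}M'' \longrightarrow [M''/x]M'}$$

where $M = (\hat{\lambda}x:A'.\ M')\,{}^{\wedge}M''$ and $N = [M''/x]M'$.

By inversion over $\mathcal{C}$ (glossing over possible alternations of rules lλ_redex and lλ_atm), we have
that

$$\mathcal{C} = \dfrac{\dfrac{\dfrac{\dfrac{\mathcal{C}_1 :: \Gamma; \Delta', x:A' \vdash_\Sigma M' \Uparrow a}{\Gamma; \Delta' \vdash_\Sigma \hat{\lambda}x:A'.\ M' \Uparrow A' \multimap a}\ \textbf{lλ\_llam}}{\Gamma; \Delta' \vdash_\Sigma \hat{\lambda}x:A'.\ M' \downarrow A' \multimap a}\ \textbf{lλ\_redex} \qquad \mathcal{C}_2 :: \Gamma; \Delta'' \vdash_\Sigma M'' \Uparrow A'}{\Gamma; \Delta', \Delta'' \vdash_\Sigma (\hat{\lambda}x:A'.\ M')\,{}^{\wedge}M'' \downarrow a}\ \textbf{lλ\_lapp}}{\Gamma; \Delta', \Delta'' \vdash_\Sigma (\hat{\lambda}x:A'.\ M')\,{}^{\wedge}M'' \Uparrow a}\ \textbf{lλ\_atm}$$

Notice in particular that $A$ is an atomic type $a$, and that the subterm $M'$ has precisely this type.
We can similarly invert $\mathcal{T}$ obtaining the following partially expanded tree:

$$\mathcal{T} = \dfrac{\dfrac{\mathcal{T}_2 :: M'' \xrightarrow{\lambda S} U'' \qquad \dfrac{\dfrac{\mathcal{T}_1 :: M' \xrightarrow{\lambda S} U'}{\hat{\lambda}x:A'.\ M' \xrightarrow{\lambda S} \hat{\lambda}x:A'.\ U'}\ \textbf{λS\_llam}}{\hat{\lambda}x:A'.\ M' \setminus U'' \mathbin{\hat{;}} \text{NIL} \xrightarrow{\lambda S} (\hat{\lambda}x:A'.\ U') \cdot (U'' \mathbin{\hat{;}} \text{NIL})}\ \textbf{λS\_redex}}{(\hat{\lambda}x:A'.\ M')\,{}^{\wedge}M'' \setminus \text{NIL} \xrightarrow{\lambda S} (\hat{\lambda}x:A'.\ U') \cdot (U'' \mathbin{\hat{;}} \text{NIL})}\ \textbf{λS\_lapp}}{(\hat{\lambda}x:A'.\ M')\,{}^{\wedge}M'' \xrightarrow{\lambda S} (\hat{\lambda}x:A'.\ U') \cdot (U'' \mathbin{\hat{;}} \text{NIL})}\ \textbf{λS\_atm}$$

By extensionality relative to $\mathcal{C}_1$, $M'$ is either a constant, a variable or a destructor applied to some
subterm. Therefore, by inversion on $\mathcal{T}_1$, we have that $U' = H' \cdot S'$ for some head $H'$ and spine $S'$.
Now, by definition of substitution,

$[U''/x](H' \cdot S') = ([U''/x]H') \cdot ([U''/x]S')$

so that NIL-reduction can be applied to $([U''/x]U') \cdot \text{NIL}$. By chaining rules Sr_beta_lin and Sr_nil,
we get

$(\hat{\lambda}x:A'.\ U') \cdot (U'' \mathbin{\hat{;}} \text{NIL}) \xrightarrow{S}_\beta ([U''/x]U') \cdot \text{NIL} \xrightarrow{S}_{\mathrm{NIL}} [U''/x]U'$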

By  the  substitution  lemma  4.4  on  Ci,  C2,  7i  and  T2,  we  know  that  there  is  a  term  V  such  that 
[M" /x\M'  V  where  \U" /x\U'  -A*IL  V ■  It  now  suffices  to  take  ([U" / x\U')  ■  NIL  as  V. 

Case  lr_beta_lin  (it) 

Inversion  on  A  and  T  yields  the  fact  that  U  =  (Xx  :  A'.  U')  ■  (U"]S)  for  some  terms  U'  and  U" , 
and  derivations 

Cx  M1  -ft  A 

C2  ;A"bs  M"  ft  A' 

Ti  ::  M'  -^4  U' 

T2  ::  M"  -^4  u" 

where  Ai  =  A'1;  A". 

By applying the substitution lemma 4.4 on these derivations, there is a term $V'$ such that both
$[M''/x]M' \xrightarrow{\lambda S} V'$ and $[U''/x]U' \xrightarrow{S}{}^*_{\mathrm{NIL}} V'$ are derivable with derivations $\mathcal{T}''$ and $\mathcal{R}'$, respectively.
At this point we proceed by cases on the structure of $\mathcal{T}''$ using the same technique already employed
in the proof fragment we showed earlier for the substitution lemma itself.

Subcase lλ_atm

Then $[M''/x]M'$ is one of $c$, $y$, $\mathrm{FST}\ N'$, $\mathrm{SND}\ N'$, $N'\,{}^{\wedge}N''$ or $N'\ N''$. By the transitivity lemma 2.3
on $\mathcal{C}_1$ and $\mathcal{C}_2$, there is a derivation of $\Gamma; \Delta'_1, \Delta'' \vdash_\Sigma [M''/x]M' \Uparrow A$. By inversion, it must be
the case that $A = a$, $S = \text{NIL}$ and $U' = H' \cdot S'$ for some head $H'$ and spine $S'$. Therefore, by
inversion on rule λS_atm for $\mathcal{T}''$ we obtain the desired derivation $\mathcal{T}'$ of $[M''/x]M' \setminus \text{NIL} \xrightarrow{\lambda S} V'$.

On the other hand, we can build the following chain of reductions:

$(\hat{\lambda}x:A'.\ U') \cdot (U'' \mathbin{\hat{;}} \text{NIL}) \xrightarrow{S}_\beta ([U''/x]U') \cdot \text{NIL} \xrightarrow{S}_{\mathrm{NIL}} [U''/x]U'$

Here,  we  need  to  take  {[U" / x\U')  ■  NIL  as  V  and  V'  as  V. 

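Subcase lλ_unit

This case does not apply.

Other subcases

Then $[M''/x]M'$ has the form $\langle N', N''\rangle$, $\hat{\lambda}y:A''.\ N'$ or $\lambda y:A''.\ N'$. We can therefore apply rule
λS_redex to $\mathcal{T}''$, obtaining the desired translation $\mathcal{T}'$ of $[M''/x]M' \setminus S \xrightarrow{\lambda S} V' \cdot S$. Moreover,
by chaining Sr_beta_lin to $\mathcal{R}'$ (modulo embedded applications of Sr_redex1), we obtain
the required reduction $\mathcal{R}$:

$(\hat{\lambda}x:A'.\ U') \cdot (U'' \mathbin{\hat{;}} S) \xrightarrow{S}_\beta ([U''/x]U') \cdot S \xrightarrow{S}{}^*_{\mathrm{NIL}} V' \cdot S$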
In  this  case,  V  =  V'  ■  S  and  V  =  (\U" / x]U')  ■  S. 

Case  lr_lapp2 

We  will  focus  on  proving  part  (it)  of  the  theorem.  Part  (*)  combines  the  technique  to  be  shown 
with  the  reasoning  pattern  used  above. 

We  have  therefore  that  M  =  M'  ~M"  and 


111 


M" 


N" 


1Z  = 


M'~M" 


M'~N" 


lr_lapp2 


where  N  =  M'~N". 

By inversion on $\mathcal{A}$ and $\mathcal{T}$, we obtain that


Ai  C2 

,  ;AjbsM';A^A  ,  ;  A"  bs  M"  ft  A' 

A  =  -  lAJapp 

,  ;  Aj,  A"  bs  M'~M"  l  A 


and 


r2  Ti 

M"  Al+u"  M'\U"-S^U 

7"  =  - lA_lapp 

M'~M"\S  U 


By  induction  hypothesis  (*)  on  IZi,  C2  and  Tj,  there  are  terms  V"  and  V  and  derivations  1Z (j  :: 

U"  -%  V" ,  TZ”1L  ::  V"  -AjIL  V"  and  T"  ::  N"  ^  V" . 

Applying  rule  SrJappl  to  7 Z'p  and  7 ?."IL,  we  obtain  derivations  7 Z'p  and  1Z"[L  of  U"  ■  S  -^-tp  v"  ■  S 
and  V"  ■  S  — ^+*IL  V"  ■  S,  respectively. 

By  the  spine  reduction  lemma 4.5  on  Ti  and  IZ'p  ,  there  is  a  term  V  such  that  T'"  M"  \  V  -S  y 

and  7 Zp  ::  IJ  —^p  V  are  derivable.  By  a  further  application  of  the  spine  reduction  lemma  on  T'" 

and  1Z"'IL ,  we  find  a  term  V  such  that  T*  : :  M"  \  V"  ■  S  AA.  y  and  72-NiL  : :  V  — S-P  £IL  V  are 
derivable. 

Having  the  desired  terms  and  reduction  derivations,  we  obtain  the  required  translation  derivation 
T'  M'^M"  \  S  y  by  applying  rule  ASJapp  to  T"  and  T*  ■ 


The postponement lemma allows us to lift this result to the reflexive and transitive closures of the
mentioned reduction relations.

The notion of soundness we adopted relative to the reduction semantics of our calculi requires that
every reduction in the source language correspond to one (or more) reductions in the target language. We
define completeness dually: every reduction in the target language should correspond to some reduction in
the source language, possibly none. We will give an indirect proof of the completeness of $\lambda S$ with respect
to the reduction semantics of our calculi in Section 4.4, when considering the inverse of our translation.

4.3  S\ :  A  Translation  from  to 

In this section and in the next, we consider the problem of translating terms from $S^{\to\multimap\&\top}$ back to
$\lambda^{\to\multimap\&\top}$, an essential operation to interpret $S^{\to\multimap\&\top}$ objects in the usual notation. $\lambda S$ cannot be used
for this purpose since its codomain is $S_{\mathrm{NIL}}^{\to\multimap\&\top}$, the subset of $S^{\to\multimap\&\top}$ consisting only of NIL-normal
forms. Moreover, it would be impractical even for NIL-normal terms since the rules in Figure 5 are not
syntax-directed with respect to the $S^{\to\multimap\&\top}$ objects they mention.

The approach we take is instead to define an independent translation, $S\lambda$, that maps entities in
$S^{\to\multimap\&\top}$ to terms in $\lambda^{\to\multimap\&\top}$. We will prove later that it is precisely the inverse of $\lambda S$, modulo details.
$S\lambda$ is specified by means of the judgments

$U \xrightarrow{S\lambda} M$    $U$ translates to $M$

$S \setminus M \xrightarrow{S\lambda} N$    $S$ translates to $N$, given seed $M$

and defined in Figure 7. The notion of spine does not have a proper equivalent in $\lambda^{\to\multimap\&\top}$: it corresponds
indeed to a term with a hole as its head. Therefore, when translating a spine, we need to supply a head
in order to generate a meaningful $\lambda^{\to\multimap\&\top}$ term. This is achieved by the judgment $S \setminus M \xrightarrow{S\lambda} N$: the
auxiliary term $M$ (the seed) is initialized to the translation of some head for the spine $S$ (rules Sλ_con,
Sλ_var and Sλ_redex); it is successively used as an accumulator for the translation of the operators
appearing in $S$ (rules Sλ_fst, Sλ_snd, Sλ_lapp and Sλ_iapp); when the empty spine is eventually
reached (rule Sλ_nil), the overall translation has been completed and $M$ is returned. As in $\lambda S$, the use
of an accumulator handles the opposite associativity of $S^{\to\multimap\&\top}$ and $\lambda^{\to\multimap\&\top}$.

The faithfulness of $S\lambda$ with respect to typing is formally expressed by the following theorem. Again,
we shall stress the fact that the translation process preserves not only types, but also extensionality.

Theorem 4.7 (Soundness of $S\lambda$ for typing)

i.  If  U  ::  ,  ;  A  bs  U  :  A,  then  Q  ::  U  ^A  M  and  C  ::  ,  ;  A  bs  M  ft  A. 

ii.  If  S  ,  ;  Ai  bs  S  :  A  >  a  and  A  ::  ,  ;  A2  bs  M  f  A,  then  Q  ::  S\M  N  and 

U  ::  ,  ;  Ai,  A2  bs  N  ft  a. 

Proof. 

By simultaneous induction on the structure of U and S. □

We dedicate the remainder of this section to proving that $S\lambda$ is the inverse of $\lambda S$. Besides getting
the comforting formal acknowledgment that our two translations do behave as expected, we will take
advantage of this result to obtain straightforward proofs of the completeness of $\lambda S$ and $S\lambda$ with respect
to typing and reduction.

We begin our endeavor by proving that $S\lambda$ is actually a function from $S^{\to\multimap\&\top}$ to $\lambda^{\to\multimap\&\top}$. Notice
that the statement of the lemma below does not mention any typing information (compare it with
Lemma 4.2). Indeed, $S\lambda$ operates properly also on aberrant terms such as $\langle\rangle \cdot \pi_1\,\mathrm{NIL}$, which is mapped to
$\mathrm{FST}\ \langle\rangle$ (remember that $\lambda S$ was ineffective on this term). It has $S^{\to\multimap\&\top}$ as a whole as its domain.
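
The seed-as-accumulator translation described above can be run directly. The following Python code is an added example, not code from the paper; the constructor names, the tuple encoding of the resulting λ-terms and the omission of type labels on binders are assumptions made here. It translates the aberrant term mentioned above without consulting any types, and a term placed as a head over the empty spine translates exactly as the term itself.

```python
from dataclasses import dataclass
from typing import Union

# Spine-calculus syntax. Constructor names and the omission of type labels on
# binders are choices made for this example, not the paper's notation.
@dataclass(frozen=True)
class Const:
    name: str

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Nil:
    """NIL, the empty spine."""

@dataclass(frozen=True)
class App:
    """An argument followed by the rest of the spine."""
    arg: "Term"
    rest: "Spine"
    linear: bool = False

@dataclass(frozen=True)
class Proj:
    """A projection (index 1 or 2) followed by the rest of the spine."""
    index: int
    rest: "Spine"

@dataclass(frozen=True)
class Root:
    """H . S: the head is a constant, a variable or a whole term (a redex)."""
    head: Union[Const, Var, "Term"]
    spine: "Spine"

@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"
    linear: bool = False

@dataclass(frozen=True)
class Pair:
    left: "Term"
    right: "Term"

@dataclass(frozen=True)
class Unit:
    """The additive unit term."""

Term = Union[Root, Lam, Pair, Unit]
Spine = Union[Nil, App, Proj]

def translate_term(u):
    """Translate a spine-calculus term to a lambda term (nested tuples)."""
    if isinstance(u, Root):
        if isinstance(u.head, Const):       # constant head
            seed = ("const", u.head.name)
        elif isinstance(u.head, Var):       # variable head
            seed = ("var", u.head.name)
        else:                               # redex: the head is itself a term
            seed = translate_term(u.head)
        return translate_spine(u.spine, seed)
    if isinstance(u, Lam):
        return ("llam" if u.linear else "lam", u.var, translate_term(u.body))
    if isinstance(u, Pair):
        return ("pair", translate_term(u.left), translate_term(u.right))
    if isinstance(u, Unit):
        return ("unit",)
    raise TypeError(f"not a spine-calculus term: {u!r}")

def translate_spine(s, seed):
    """Fold the operators of spine s onto the seed, innermost operator first."""
    while not isinstance(s, Nil):           # the empty spine returns the seed
        if isinstance(s, App):
            seed = ("lapp" if s.linear else "app", seed, translate_term(s.arg))
        elif isinstance(s, Proj):
            seed = ("fst" if s.index == 1 else "snd", seed)
        else:
            raise TypeError(f"not a spine: {s!r}")
        s = s.rest
    return seed

# Constructed sample terms.
A, B = Root(Const("a"), Nil()), Root(Const("b"), Nil())
CURRIED = Root(Const("c"), App(A, App(B, Nil())))   # c . (a ; b ; NIL)
ABERRANT = Root(Unit(), Proj(1, Nil()))             # unit . pi_1 NIL
WRAPPED = Root(CURRIED, Nil())                      # CURRIED as head, empty spine

if __name__ == "__main__":
    for term in (CURRIED, ABERRANT, WRAPPED):
        print(translate_term(term))
```

The first sample shows the opposite associativity the accumulator absorbs: the spine lists `a` before `b`, while the resulting application nests `(c a)` inside the application to `b`.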

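Lemma 4.8 (Functionality of $S\lambda$)

i. For every $S^{\to\multimap\&\top}$ term $U$, there is a unique $\lambda^{\to\multimap\&\top}$ term $M$ such that $U \xrightarrow{S\lambda} M$.
ii. For every spine $S$ and seed $M$, there is a unique $\lambda^{\to\multimap\&\top}$ term $N$ such that $S \setminus M \xrightarrow{S\lambda} N$.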

Proof. 

By induction on the structure of $U$ and $S$. □

We wish $S\lambda$ to be the inverse of $\lambda S$. Although this property does not hold in its full strength, it is
“true enough” so that we can take practical advantage of it. The problem is that these two functions
have different domains and ranges. Indeed, not only does $\lambda S$ operate exclusively on well-typed $\lambda^{\to\multimap\&\top}$
terms, but it produces elements in $S_{\mathrm{NIL}}^{\to\multimap\&\top}$, a strict subset of $S^{\to\multimap\&\top}$. On the other hand, $S\lambda$ accepts
arbitrary terms in $S^{\to\multimap\&\top}$. We bridge these differences in the lemma below by insisting on well-typed
terms and relying on NIL-reduction.

Lemma  4.9  ( Invertibility ) 

i.  Assume  that  U  ::  ,  ;  A  by  U  :  A. 

If  Qy.U  M,  then  T  ::  M  V  where  TZ  ::  U  -A*IL  V. 

n.  Assume  that  S  ::  ,  ;  Ai  by  S  :  A  >  a  and  A  ::  ,  ;  A2  by  N  f  A. 

If  Q  ■■■■  S\N  M  and  Tn  ■■■  N\S  ^U,  then  T  ::  M  -^A  V 

Proof. 

The proof proceeds by induction on the structure of Q and inversion on the other given derivations.
We rely on the same reasoning pattern already used in the proofs of the substitution lemma for $\lambda S$
(Lemma 4.4) and in the soundness theorem 4.6. The most complex cases involve rules Sλ_redex and
Sλ_nil and the application rules. □

The reverse of this property holds in a much stronger sense: not only is no typing information needed,
but translating a $\lambda^{\to\multimap\&\top}$ term to $S^{\to\multimap\&\top}$ and then back yields the very same original term. We have
the following untyped invertibility lemma.

Lemma  4.10  (  Untyped  invertibility) 

i.  If  T  ::  M  -^A  U ,  then  Q  ::  I'  '-  .l/. 

11.  If  T  ::  M\S  and  Qs  ::  S\M  N ,  then  Q  ::  V  N . 

Proof. 

By  inversion  on  the  structure  of  T ■  Ef 

The untyped invertibility lemma states that composing $S\lambda$ with $\lambda S$ transforms a $\lambda^{\to\multimap\&\top}$ term to
itself; therefore it corresponds to the identity function on $\lambda^{\to\multimap\&\top}$. On the other hand, the invertibility
lemma 4.9 states that $S\lambda$ is the left inverse of $\lambda S$ on well-typed $S_{\mathrm{NIL}}^{\to\multimap\&\top}$ terms. On the basis of this
observation and of previously proved properties, we easily deduce that they form a pair of inverse functions
between the well-typed fragments of $\lambda^{\to\multimap\&\top}$ and $S_{\mathrm{NIL}}^{\to\multimap\&\top}$.

Corollary 4.11 (Bijectivity)

$\lambda S$ and $S\lambda$ are bijections between the set of well-typed $\lambda^{\to\multimap\&\top}$ terms and the set of well-typed $S_{\mathrm{NIL}}^{\to\multimap\&\top}$
terms. Moreover, they are each other’s inverse.

Proof. 

It is an easy exercise in abstract algebra to show that, given two functions $f : X \to Y$ and $g : Y \to X$,
if $f \circ g = \mathrm{Id}_Y$ and $g \circ f = \mathrm{Id}_X$, then $f$ and $g$ are bijections and moreover $g = f^{-1}$.

By Lemmas 4.2, 4.3 and Theorem 4.1, we know that $\lambda S$ is a function from the well-typed portion of
$\lambda^{\to\multimap\&\top}$ to the well-typed subset of $S_{\mathrm{NIL}}^{\to\multimap\&\top}$. By the functionality lemma 4.8, $S\lambda$ maps $S^{\to\multimap\&\top}$ terms to
$\lambda^{\to\multimap\&\top}$ objects; in particular, by typing soundness, it associates well-typed NIL-normal $S^{\to\multimap\&\top}$ terms
to well-typed $\lambda^{\to\multimap\&\top}$ terms. Moreover, since terms that are already NIL-normal cannot be further
NIL-reduced, the invertibility lemma states that $S\lambda$ is the left inverse of $\lambda S$ on well-typed $S_{\mathrm{NIL}}^{\to\multimap\&\top}$ terms.
Finally, by the untyped invertibility lemma, $\lambda S$ is the left inverse of $S\lambda$ on $\lambda^{\to\multimap\&\top}$, and in particular on
its well-typed fragment.

On the basis of these hypotheses, the previous algebraic observation allows us to conclude that $\lambda S$
and $S\lambda$ are indeed bijections between well-typed objects in $\lambda^{\to\multimap\&\top}$ and well-typed terms in $S_{\mathrm{NIL}}^{\to\multimap\&\top}$,
and that they are one another’s inverse. □

This property opens the door to easy proofs of the completeness direction of every soundness theorem
so painfully achieved so far. We first consider the completeness of $\lambda S$ with respect to typing. In this and
other results below, we do not need to present any auxiliary part related to pre-atomic terms.

Corollary 4.12 (Completeness of $\lambda S$ for typing)

If  M  — A-  U  and  ,  ;  A  b  s  U  :  A,  then  ,  ;Ahs  M  ft  A. 

Proof. 

By the untyped invertibility lemma, $U \xrightarrow{S\lambda} M$. Then, the soundness of $S\lambda$ for typing yields a
derivation of , ; A hs M ft A. □

An implementation that relies on $S^{\to\multimap\&\top}$ as its internal representation of terms would translate
these terms as it parses them and only then check that they are well typed. The novel Twelf implementation
of LF [HHP93] takes precisely these steps. The above corollary decrees that this way of proceeding
is correct since if $\lambda S$ produces a well-typed term, then the original object is well-typed.

In a similar fashion, we prove the completeness of $S\lambda$ with respect to typing.

Corollary 4.13 (Completeness of $S\lambda$ for typing)

If  U  ^  M  and  ,  ;Ahs  M  jf  A,  then  ,  ;  A  b  s  U  :  A. 

Proof. 

By the invertibility lemma, $M \xrightarrow{\lambda S} V$ where $U \longrightarrow^{*}_{\mathrm{NIL}} V$. By the soundness of $\lambda S$ for typing, we
obtain that , ; A bs V : A. Finally, since NIL-expansion preserves typing (Lemma 3.3), we have that
, ; A bs U : A. □


4.4 Soundness of $S\lambda$ with respect to Reduction

We will now analyze the interaction between $S\lambda$ as a translation from $S^{\to\multimap\&\top}$ to $\lambda^{\to\multimap\&\top}$, and the
notion of reduction inherent to these two languages. The main results of our investigation will be that
$S\lambda$ preserves $\beta$-reductions, but identifies NIL-convertible terms. We will also take advantage of the fact
that this translation is the inverse of $\lambda S$ to prove the completeness counterpart of these statements.

It will be convenient to start by getting a deeper understanding of how NIL-reducibility relates to $S\lambda$.

Consider the equivalence relation $=_{\mathrm{NIL}}$ induced by the NIL-reduction congruence $\longrightarrow_{\mathrm{NIL}}$. Its equivalence
classes consist of all the terms of $S^{\to\multimap\&\top}$ that NIL-reduce to the same NIL-normal form. $S\lambda$ uniformly
maps every object in such an equivalence class to the same $\lambda^{\to\multimap\&\top}$ term, as depicted in Figure 8. In
order to prove this fact, we first show that NIL-reducing a term does not affect its translation.

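Lemma 4.14 (Invariance of $S\lambda$ under NIL-reduction)

i. If $\mathcal{R} :: U \longrightarrow_{\mathrm{NIL}} U'$ and $\mathcal{Q} :: U \xrightarrow{S\lambda} M$, then $\mathcal{Q}' :: U' \xrightarrow{S\lambda} M$.

ii. If $\mathcal{R} :: S \longrightarrow_{\mathrm{NIL}} S'$ and $\mathcal{Q} :: S \setminus N \xrightarrow{S\lambda} M$, then $\mathcal{Q}' :: S' \setminus N \xrightarrow{S\lambda} M$.

Proof.

By induction on the structure of $\mathcal{R}$.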

This lemma can also be interpreted as stating that $S\lambda$ is sound with respect to NIL-reducibility. Therefore,
in the following discussion, we will concentrate on the interaction between this translation and the proper
$\beta$-reductions of $S^{\to\multimap\&\top}$.

The converse of the above property holds also: $S\lambda$ maps a term and all of its NIL-expansions to the
same object. This is formally stated as follows.

Lemma 4.15 (Invariance of $S\lambda$ under NIL-expansion)

i. If $\mathcal{R} :: U \longrightarrow_{\mathrm{NIL}} U'$ and $\mathcal{Q}' :: U' \xrightarrow{S\lambda} M$, then $\mathcal{Q} :: U \xrightarrow{S\lambda} M$.
ii. If $\mathcal{R} :: S \longrightarrow_{\mathrm{NIL}} S'$ and $\mathcal{Q}' :: S' \setminus N \xrightarrow{S\lambda} M$, then $\mathcal{Q} :: S \setminus N \xrightarrow{S\lambda} M$.

Proof.

By induction on the structure of $\mathcal{R}$.


Strong NIL-normalization (Lemma 3.7) makes it easy to shift these properties to the reflexive and
transitive closure of $\longrightarrow_{\mathrm{NIL}}$, and to the corresponding equivalence relation.

The NIL-invariance properties we just achieved together with the discovery in the previous section that
$\lambda S$ and $S\lambda$ are weakly bijective account for a simple proof of the completeness of the latter translation
with respect to the reduction semantics of the involved calculi.


Corollary 4.16 (Completeness of $S\lambda$ for reduction)

Assume  that  ,  ;  A  hj  U  :  A. 

If  U  M  and  M  — »  N ,  then  there  is  a  term  V  such  that  U 
and  V  ^4-  N . 


Proof. 


By  the  invertibility  lemma  4.9,  there  is  a  NlL-normal  term  U’  such  that  M  U1  and  U  — t>*il  I 
are  derivable.  By  the  soundness  of  A S  with  respect  to  reduction,  there  are  terms  V  and  V’  such  that 


S  ,  T/'  S  ,*  T // 

^/3  r  ^NIL  r 


By  virtue  of  Lemma  3.9,  we  can  postpone  the  NlL-reductions  that  lead  from  U  to  U1 ,  obtaining  a  term 
V  such  that 


u  ~^f>V  ^llhV' 

On the other hand, by untyped invertibility, there is a derivation of $V' \xrightarrow{S\lambda} N$. At this point, an iterated
use of the invariance of $S\lambda$ under NIL-expansion (Lemma 4.15) allows us to obtain the desired derivation
of $V \xrightarrow{S\lambda} N$. □


We conclude this section by showing that $S\lambda$ is sound with respect to the reduction semantics of
$S^{\to\multimap\&\top}$. The above invariance lemmas capture this property in the case of NIL-reduction. Therefore, we
focus the discussion on $\beta$-reductions.

The required steps in order to achieve this result are reminiscent of the path we followed when proving
the analogous statement for $\lambda S$. There are however three important differences. First, the proofs are
much simpler in the present case. Second, the statements below do not need to mention any typing
information. Third, NIL-reductions do not appear in these statements. This overall simplification derives
from the fact that, because of the presence of NIL-reduction, $S^{\to\multimap\&\top}$ has more structure than $\lambda^{\to\multimap\&\top}$.
Therefore, while $\lambda S$ needed to extract the additional information from a typing derivation, $S\lambda$ can simply
forget about the extra structure of the $S^{\to\multimap\&\top}$ terms it acts upon.

The first step towards the soundness of $S\lambda$ with respect to ($\beta$-)reduction is given by the following
substitution lemma, needed to cope with functional objects, both linear and intuitionistic.

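Lemma 4.17 (Substitution in $S\lambda$)

i. If $\mathcal{Q} :: U \xrightarrow{S\lambda} M$ and $\mathcal{Q}_V :: V \xrightarrow{S\lambda} N$, then $\mathcal{Q}' :: [V/x]U \xrightarrow{S\lambda} [N/x]M$.

ii. If $\mathcal{Q} :: S \setminus M \xrightarrow{S\lambda} M'$ and $\mathcal{Q}_V :: V \xrightarrow{S\lambda} N$, then $\mathcal{Q}' :: [V/x]S \setminus [N/x]M \xrightarrow{S\lambda} [N/x]M'$.

Proof.

By induction on the structure of $\mathcal{Q}$. □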


In order to handle the translation rules for the two forms of application of $S^{\to\multimap\&\top}$, we need the
following technical result, akin to the spine reduction lemma presented in Section 4.2.


Lemma 4.18 (Seed reduction)

If $\mathcal{Q} :: S \setminus M \xrightarrow{S\lambda} N$ and $\mathcal{R} :: M \longrightarrow M'$, then there is a term
$N'$ such that $\mathcal{Q}' :: S \setminus M' \xrightarrow{S\lambda} N'$ and $\mathcal{R}' :: N \longrightarrow N'$.

Proof.

By induction on the structure of $\mathcal{Q}$. □




Finally, we have the following soundness theorem, which states that $S\lambda$ preserves $\beta$-reduction.


Theorem 4.19 (Soundness of $S\lambda$ for $\beta$-reducibility)

i.  If  7Z  ::  U  U'  and  Q  ::  U  M,  then  there  is  a  term  M'  such 

that  TV  ::  M  — t  M'  and  Q'  ::  U'  ^  M'. 

ii.  If  7Z  ::  S  S'  and  Q  ::  S\N  M,  then  there  is  a  term  M'  such 

that  TV  ::  M  — t  M'  and  Q'  ::  S'  \N  ^  M' . 




Proof. 

By induction on the structure of $\mathcal{R}$. □

We can summarize the previous theorem, stating the soundness of $S\lambda$ for $\beta$-reducibility, and the
invariance lemma 4.14, expressing the soundness of $S\lambda$ for NIL-reducibility in a single statement mentioning
the generic notion of reduction of $S^{\to\multimap\&\top}$.

Corollary 4.20 (Soundness of $S\lambda$ for reducibility)

If $U \longrightarrow V$ and $U \xrightarrow{S\lambda} M$, then there is a term $N$ such that $M \longrightarrow^{*} N$
and $V \xrightarrow{S\lambda} N$.

Proof.

Depending on whether $\longrightarrow$ is $\longrightarrow_{\mathrm{NIL}}$ or $\longrightarrow_{\beta}$, this statement corresponds
to Lemma 4.14 or to Theorem 4.19, respectively. In the former case, $N = M$
and $\longrightarrow^{*}$ is instantiated to the identity. □




Clearly, the above result holds also relative to the reflexive and transitive closure of $\longrightarrow$.

The previous theorem, together with the fact that $S\lambda$ and $\lambda S$ form a pair of inverse functions, allows
us to achieve a simple proof of the completeness of $\lambda S$ with respect to the reduction semantics of $S^{\to\multimap\&\top}$.
Notice that this corollary mentions both $\beta$- and NIL-reductions.


Corollary 4.21 (Completeness of $\lambda S$ for reduction)

Assume  that  ,  ;  A  hj  M  :  A. 

If  M  AA.  jj  and  jj  -^-yp  V  —t-nil  ^  Wlth  V  m  NIL -normal  form, 
then  there  is  a  term  N  such  that  M  — y  N  and  N  AA.  V . 




Proof. 

By  the  untyped  invertibility  lemma  4.10,  there  is  a  derivation  of  U  M .  By  the  soundness  of  SX 
with  respect  to  /3-reduction,  there  is  a  term  N  such  that  M  — y  N  and  V  -^-y  N.  By  the  invariance 
of  SX  under  NlL-reduction,  there  is  a  derivation  of  V  -^-y  N .  By  composing  various  typing  soundness 
results,  we  obtain  that  ,  ;  A  bs  V  :  A,  so  that  we  can  apply  the  invertibility  lemma,  obtaining  that 
N  ^4-  V  is  derivable.  SZf 


5 Properties of $S^{\to\multimap\&\top}$

We will now present the main properties of $S^{\to\multimap\&\top}$; ultimately strong normalization and the uniqueness
of normal forms. In order to do so, we will take advantage of the facts that similar results hold for $\lambda^{\to\multimap\&\top}$,
and that we have reasonably well-behaved translations to and from this calculus. An alternative would
have been to give direct proofs of these properties.

We begin by showing that $S^{\to\multimap\&\top}$ admits confluence and the Church-Rosser property. Differently
from $\lambda^{\to\multimap\&\top}$, the statement of these properties must include typing assumptions in order to express
certain extensionality requirements. For typographic reasons, we model the equivalence relation $\overset{S}{=}$ with
a double arrow.

Theorem  5.1  ( Church-Rosser ) 

Confluence:  Assume  that  U  ::  ,  ;  A  bs  U  :  A. 

If  1Z'  ::  U  U'  and  1Z"  ::  U  —y*  U" ,  then  there  is  a  term 
V  such  that  1Z*  ::U'  -V  V  and  TZ**  ::  U"  -V  V. 

Similarly  for  spines 

Church-Rosser:  Assume  that  U'  ::  ,  ;  A  bs  U'  :  A  and  U"  ;  A  bs  U"  :  A. 

5 

If  TZ  ::  U'  =  U" ,  then  there  is  a  term  V  such  that 
TZ*  ::  V  -V  V  and  TZ**  ::  U"  -V  V. 

Similarly  for  spines 

Proof.


We  will  carry  out  the  proof  in  the  case  of  confluence  only.  The  Church-Rosser  property  is  handled 
similarly. 

Since,  by  Lemma  4.8,  S A  is  a  total  function  over  S^~ 0&T,  there  is  a  unique  term  M  such  that 
U  -^A-  M  is  derivable.  By  typing  soundness,  we  obtain  that  ,  ;Ahs  M  ft  A.  By  iterated  applications  of 
the  soundness  of  S A  over  reduction,  we  deduce  that  there  are  terms  M'  and  M"  such  that  M  — A  M' 
and  U'  ~^A  M' ,  and  similarly  M  — A  M"  and  U"  ~^A  M" .  By  subject  reduction,  we  have  that 
,  ;  A  hs  M'  ft  A  and  ,  ;  A  hs  M"  jf  A.  By  the  confluence  property  of  A_>_0&T,  we  know  that  there 
exists  a  term  N  such  that  M'  — A  N  and  M"  — A  N  are  derivable. 

By  the  invertibility  lemma,  there  are  terms  U*  and  U**  such  that  M'  Ay  U*  with  U'  — ^>*IL  U* 

and  M"  Ay  U**  with  U"  — — t-nil  U** .  By  the  soundness  of  A S  with  respect  to  reductions,  there  are  terms 
V'  and  V"  such  that  U*  —A.*  y1  anc[  ]\r  TTs.  yf  anc[  similarly  U**  ~^A*  V"  and  N  — A  V" .  However, 
since  A S  is  a  function,  V'  =  V" ]  let  us  call  this  term  V.  By  composing  the  various  reductions  above,  we 
obtain  the  desired  derivations  of  U'  -^A*  V  and  U"  ~^A*  V.  Ef 

Next, we consider the $S^{\to\multimap\&\top}$ equivalent of the transitivity lemma 2.3 discussed in Section 2. As in
$\lambda^{\to\multimap\&\top}$, we must distinguish the linear and the intuitionistic cases, but we have no convenient notation
that spans uniformly over terms and spines. Therefore, the lemma below has four parts.

Lemma  5.2  ( Transitivity ) 

i.  If  U  ::  .  :A.x:ll  ■  >;  U  :  A  and  Uy  ::  ,  ;  A'  bs  V  :  B,  then  W  ::  ,  ;  A,  A'  bs  [V/x]U  :  A. 

ii.  If  S  ::  ,  ;  A,  x :  B  bs  S  :  A  >  a  and  Uv  ;  A'  bs  V  :  B,  then  S'  ::  ,  ;  A,  A'  bs  [W /a?] b?  :  A  >  a. 

m.  If  U  ,x:B;  A  bs  U  :  A  and  Uy  ::  ,  ;  •  bs  V  :  B,  then  U'  ::  ,  ;  A  bs  [V /  x]U  :  A. 

tv.  If  S  ::  ,  ,  x :  B;  A  bs  S  :  A  >  a  and  Uy  •  b z  V  :  B,  then  U'  ::  ,  ;  A  bs  \V / x\S  :  A  >  a. 

Proof. 

We  prove  this  lemma  by  means  of  a  technique  similar  to  the  one  we  just  sketched  in  the  case  of  the 
Church-Rosser  property.  We  illustrate  the  manner  spines  are  handled  by  presenting  the  full  treatment  of 
case  (ii).  The  treatment  of  the  other  parts  is  similar  or  simpler. 

Let  z  be  a  variable  that  does  not  appear  in  neither  ,  ,  A,  nor  A',  and  that  is  different  from  x.  We  will 
use  it  as  a  generic  head  for  S.  By  rule  lAJvar,  there  is  a  (trivial)  typing  derivation  of  ,  ;  z :  A  bs  z  f  A. 

On  the  basis  of  this  fact,  by  the  soundness  of  S A  for  typing  (Theorem  4.7),  there  is  a  term  M  such 

that  S\z  -^A  M  and  ,  ;A,  x  :  B,z  :  A  bs  M  jf  a  are  derivable.  By  the  same  theorem,  there  is  a 
term  N  and  derivations  of  V  -^A  N  and  ,  ;  A'  bs  N  jf  B.  By  the  transitivity  lemma  2.3  for  A_>_0&T, 

,  ;  A,  A',  z:A  bs  [N/x\M  -ft-  a  is  derivable. 

By  rule  AS_var,  there  is  a  derivation  of  z\S  AC.  z  .  S.  By  the  invertibility  lemma  4.9,  there  is  a  term 
U'  and  derivations  of  M  -A*  U'  and  z  ■  S  —AxilU'.  By  inversion  on  the  reduction  rules  for  S^~ 0&T, 

U'  =  z  ■  S'  for  some  spine  S'.  Therefore,  by  rule  Sr_var,  there  must  be  a  derivation  of  S  — — ■ 

Again  by  the  invertibility  lemma  4.9,  there  is  a  term  V'  and  a  derivation  N  -A-  V' ,  where  V  V 

is  derivable.  By  the  substitution  lemma  4.4,  there  is  a  term  V  and  derivations  of  [N/x\M  -A-  V  and 

z  ■  (\y' lx\Sr)  — — t'otl  V  (remember  that  x  A  z)-  Again  by  invertibility  on  the  reduction  rules  for  S^~ 0&T, 
V  =  z  ■  S  for  some  spine  S,  and  \V' / x\S'  — — S.  By  iterated  applications  of  the  substitution  lemma  3.8, 
there  is  a  derivation  of  \V / x\S  — — S. 

By  the  soundness  of  A S  with  respect  to  typing,  ,  ;  A,  A',  z  :  A  bs  z  ■  S  :  a  is  derivable.  By  inversion 
on  rule  lSJvar,  ,  ;  A,  A'  bs  S  :  A  >  a  is  derivable  as  well.  Now,  since  NlL-expansion  preserves  typing, 

there  is  a  derivation  of  ,  ;  A,  A'  bs  \V / x\S  :  A  >  a.  SZf 

The  next  property  we  are  interested  in  proving  for  S^~ 0&T  is  subject  reduction.  Again,  we  must 
deal  separately  with  terms  and  with  spines.  Remember  that  we  have  already  proved  this  property  in  the 
subcase  of  NlL-reduction. 

Lemma 5.3 (Subject reduction)

i.  If  A/::.:  A  •  v  /  :  \  and  Q  ::  U  -A  V,  then  U'  ::  ,  ;  A  bs  V  :  A. 

11.  If  S  ;  A  bs  5  :  A  >  a  and  Q  ::  5  A  S',  then  S'  ::  ,  ;  A  bs  S'  :  A  >  a. 

Proof. 

We will prove only part (i) of this statement. Part (ii) adapts the technique we just applied in the
transitivity lemma.

By  the  soundness  of  S A  with  respect  to  typing,  there  are  a  term  M  and  derivations  of  IJ  -^A  M  and 
,  ;  A  l~s  M  ft  A.  By  the  soundness  of  S A  with  respect  to  reductions,  there  are  a  term  N  and  derivations 
of  V  "-— — — t  N  and  M  — y*  N .  By  the  subject  reduction  property  of  A_>_0&T,  ,  ;Ahs  N  ft  A  is  derivable. 

Now,  by  the  soundness  of  A S  with  respect  to  typing,  there  is  a  term  V'  such  that  ,  ;  A  hj  V'  :  A  and 

N  -^A  V  are  derivable.  On  the  other  hand,  by  the  invertibility  lemma  4.9,  there  is  a  term  V"  such  that 
N  -AA  y"  anc[  y  A Ls.*il  V "  are  derivable.  However,  since,  by  Lemma  4.2,  A S  is  a  function,  we  have  that 
V'  =  V" .  Then,  in  order  to  conclude  this  proof,  we  simply  take  advantage  of  the  fact  that  NlL-expansion 
preserves  typing  (Lemma  3.3)  to  obtain  the  desired  derivation  of  ,  ;  A  h s  V  :  A.  SZf 

We now tackle strong normalization which, as in the case of $\lambda^{\to\multimap\&\top}$, states that no infinite chain
of (either NIL- or $\beta$-) reductions can start from a well-typed $S^{\to\multimap\&\top}$ term. Therefore, we can reduce a
well-typed term to normal (actually canonical) form by exhaustively reducing randomly selected redices.

Theorem  5.4  ( Strong  normalization) 

i.  If  U  A  bs  U  :  A,  then  U  is  strongly  normalizing, 
it.  If  S  ::  ,  ;  A  bs  S  :  A  >  a,  then  S  is  strongly  normalizing. 

Proof. 

We will prove only part (i) of this theorem. Part (ii) is handled similarly.

Assume  we  have  a  (possibly  infinite)  sequence  of  terms  Uo,U\,U2,  ■  ■  ■  such  that  U  =  U0  and  there  are 
derivations  for  the  following  reductions: 


$\sigma = U_0 \xrightarrow{S} U_1 \xrightarrow{S} U_2 \xrightarrow{S} \cdots$

By  the  soundness  of  S A  with  respect  to  reducibility,  every  /3-reduction  in  cr  corresponds  to  a  reduction  in 
y->-o&T  (Theorems  4.19)  while  every  NlL-reduction  disappears  (Lemma  4.14).  This  entails  that  there  is  a 
sequence  of  A_>_0&T  term  Mo,  Mi,  M2,  ■  ■  ■  such  that  on  the  one  hand  there  are  derivations  of  U{  M^^) 
where  ip  maps  maximal  subsequences  of  cr  linked  by  NlL-reductions  to  the  same  A_>_0&T  term,  and  on 
the  other  hand  the  following  reduction  sequence  is  derivable 

$\sigma' = M_0 \longrightarrow M_1 \longrightarrow M_2 \longrightarrow \cdots$

Notice  in  particular  that  there  is  a  derivation  of  U  Mo-  Therefore,  by  the  soundness  of  S A  with 
respect  to  typing,  the  judgment  ,  ;  A  hs  Mo  ft  A  is  derivable.  By  the  strong  normalization  theorem 
for  A^-°&t,  cr'  is  finite.  Then,  also  cr  must  be  finite  since,  by  the  strong  normalization  of  NlL-reduction 
(Lemma  3.7),  the  maximal  subsequences  of  NlL-reducts  collapsed  by  ip  are  finite.  SZf 

Strong normalization ensures that exhaustive reductions of a well-typed $S^{\to\multimap\&\top}$ term (or spine) will
eventually produce an object in normal form. Depending on which redex is selected at each step, this
procedure might yield different normal objects. The uniqueness corollary below guarantees that every
reduction path will lead to the same normal term (or spine), up to the renaming of bound variables.

Corollary 5.5 (Uniqueness of normal forms)

i. If U :: , ; A bs U : A, then there is a unique normal term V such that Q' :: U — >* V.

ii. If >5 ; A l~s S : A> a, then there is a unique normal spine S' such that Q' :: S — >* S'.

Proof. 

By the strong normalization theorem, we know that every sequence of reductions starting at $U$ leads
to a term in normal form. Let us consider two reduction sequences validating $U \longrightarrow^{*} V'$ and $U \longrightarrow^{*} V''$,
for terms $V'$ and $V''$ in normal form. By confluence, there is a term $V$ to which both reduce. However,
since $V'$ and $V''$ do not contain redices, the only way to close the diamond is to have that $V' = V'' = V$,
and use the identical reduction.

We proceed similarly in order to prove the second part of this statement. □

As in the case of $\lambda^{\to\multimap\&\top}$, the above results entitle us to speak about the normal form (or equivalently
the canonical form) of a term $U$ or a spine $S$, whenever these objects are well-typed. We denote this
term and spine $\mathrm{Can}(U)$ and $\mathrm{Can}(S)$, respectively. A calculus that accepts only canonical objects can be
obtained from the typing system displayed in Figure 3 by simply removing rule lS_redex.

A  term  (spine)  in  which  redices  appear  at  most  in  the  argument  of  an  application  is  said  to  be  in 
weak  head-normal  form.  Any  well-typed  term  can  be  converted  to  weak-head  normal  form  by  repeatedly 
selecting  a  redex  that  violates  this  property  and  reducing  it.  A  similar  property  holds  for  spines.  We 
use  U  and  S  to  denote  the  weak-head  normal  form  of  a  term  U  and  a  spine  S,  respectively.  Weak 
head-normalization  is  not  as  computationally  expensive  as  full  normalization  since  it  operates  on  shallow 
redices  only.  However,  it  exposes  enough  of  a  normal  form  to  work  comfortably  in  many  circumstances. 
Therefore, the implementation of procedures that, by their very nature, need to perform reductions,
unification for example, often relies on weak head-normalization rather than on full normalization.


6  Further  Remarks 

In  this  section,  we  briefly  report  on  important  relationships  between  our  spine  calculus  and  other  formal 
systems  in  the  literature.  More  precisely,  we  hint  at  an  alternative  development  of  the  results  obtained 
in  this  paper  (Section  6.1),  point  at  a  relationship  between  the  spine  calculus  and  the  logic  programming 
notion  of  uniform  derivability  (Section  6.2),  and  discuss  related  work  (Section  6.3). 

6.1  Alternative  Development 

We observed that the spine calculus $S^{\to\multimap\&\top}$ has more structure than the corresponding traditional
formulation, as manifested by the presence of the NIL-reduction rule, which has no equivalent in $\lambda^{\to\multimap\&\top}$.
When analyzing the translation function $\lambda S$, we had to recover this additional structure by accompanying
most statements with $\lambda^{\to\multimap\&\top}$ typing derivations. This step was over-restrictive, but acceptable because
of our interest in well-typed terms only.

We can achieve a better correspondence by enriching the syntax of $\lambda^{\to\multimap\&\top}$ with the two new operators
AC and CA. Let us call the enriched language A^-0&T. We use these new constructs to annotate the
coercion rules lλ_atm and lλ_redex, which become:

,  ;  A  bs  M  l  a  ,  ;  A  h  s  A 

- 1 A  _at.  in  - lA_redex 

,  ;  A  bs  AC  M  f|-  a  ,  ;Ahs  ca  M  f  A 

Notice  that  every  typing  derivation  ,  ;  A  hs  M  ffj,  A  can  now  be  uniquely  reconstructed  on  the  basis 
of  the  term  M,  except  for  the  composition  of  the  context  ,  ;  A  (in  particular,  the  manner  A  is  split  in 
certain  applications  of  multiplicative  rules). 

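We augment the reduction semantics of $\lambda^{\to\multimap\&\top}$ with the rule

$\beta_{AC}$ : $\mathrm{CA}\,(\mathrm{AC}\,M) \longrightarrow M$

which corresponds to eliminating alternations of rules lλ_atm and lλ_redex. We call the expression on
the left-hand side of the arrow a coercion redex. The other reduction rules are upgraded as follows:

$$
\begin{array}{rcl}
\mathrm{FST}\,(\mathrm{CA}\,\langle M, N\rangle) & \longrightarrow & M \\
\mathrm{SND}\,(\mathrm{CA}\,\langle M, N\rangle) & \longrightarrow & N \\
(\mathrm{CA}\,(\hat{\lambda} x{:}A.\,M))\;\hat{}\;N & \longrightarrow & [N/x]M \\
(\mathrm{CA}\,(\lambda x{:}A.\,M))\;N & \longrightarrow & [N/x]M
\end{array}
$$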

Then,  the  absence  of  any  occurrence  of  CA  in  a  well-typed  term  implies  that  a  term  does  not  contain 
redices,  and  therefore  that  it  is  in  normal  form. 

We modify the translation rules λS_atm and λS_redex as follows:

M\nil^  H  -S  A-f  AS)  jj 

- A  S  _at.  in  - AS_redex 

AC  M^H-S  CA  M\S^AU-S 

Notice the absence of side-conditions. On the basis of these upgraded definitions, it is easy to see that
λS maps coercion redices to NIL-redices, and therefore applications of the new reduction rule $\beta_{ac}$ are
emulated in $S^{\rightarrow\multimap\&\top}$ by NIL-reductions.
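The following added example (not code from the paper) implements the upgraded λS translation on the → fragment only and checks, on a constructed term, that a coercion redex is sent to a NIL-redex and that contracting it before or after translation gives the same spine term. The tuple encoding, the function names, and the variable, application and abstraction cases are assumptions; only the two coercion cases follow the rules above.

```python
# Annotated λ-terms:  ("var", x) | ("app", M, N) | ("lam", x, M) | ("AC", M) | ("CA", M)
# Spine terms:        ("lam", x, U) | ("root", H, S), H a name or a spine term,
#                     S a tuple of arguments; the empty tuple () stands for NIL.

def canon(m):
    """Translate a canonical term:  M --λS--> U."""
    if m[0] == "lam":                  # abstraction case (assumed, not shown in this section)
        return ("lam", m[1], canon(m[2]))
    if m[0] == "AC":                   # λS_atm:  AC M --> H·S  when  M \ NIL --> H·S
        return atom(m[1], ())
    raise ValueError(f"not canonical: {m!r}")

def atom(m, spine):
    """Translate an atomic term against an accumulated spine:  M \\ S --λS--> U."""
    if m[0] == "var":                  # head case (assumed)
        return ("root", m[1], spine)
    if m[0] == "app":                  # application case (assumed)
        return atom(m[1], (canon(m[2]),) + spine)
    if m[0] == "CA":                   # λS_redex:  CA M \ S --> U·S  when  M --> U
        return ("root", canon(m[1]), spine)
    raise ValueError(f"not atomic: {m!r}")

def beta_ac(m):
    """Contract every coercion redex  CA (AC M) --> M,  innermost first."""
    if m[0] == "var":
        return m
    if m[0] == "lam":
        return ("lam", m[1], beta_ac(m[2]))
    kids = tuple(beta_ac(k) for k in m[1:])
    if m[0] == "CA" and kids[0][0] == "AC":
        return kids[0][1]
    return (m[0],) + kids

def nil_reduce(u):
    """Contract every NIL-redex  (H·S)·NIL --> H·S,  innermost first."""
    if u[0] == "lam":
        return ("lam", u[1], nil_reduce(u[2]))
    head, spine = u[1], tuple(nil_reduce(a) for a in u[2])
    if isinstance(head, tuple):
        head = nil_reduce(head)
        if head[0] == "root" and spine == ():
            return head
    return ("root", head, spine)

# Constructed sample: AC (f (AC (CA (AC x)))), with one coercion redex in the argument.
X = ("var", "x")
SAMPLE = ("AC", ("app", ("var", "f"), ("AC", ("CA", ("AC", X)))))
```

Translating SAMPLE directly yields a spine term whose argument is the NIL-redex (x·NIL)·NIL; NIL-reducing it gives the same result as translating the β_ac-contracted term.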

Rules Sλ_con, Sλ_var and Sλ_redex of Sλ are modified as follows:

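\[
\frac{S \setminus c \xrightarrow{S\lambda} M}{c \cdot S \xrightarrow{S\lambda} \mathrm{AC}\,M}\;\mathsf{S\lambda\_con}
\qquad
\frac{S \setminus x \xrightarrow{S\lambda} M}{x \cdot S \xrightarrow{S\lambda} \mathrm{AC}\,M}\;\mathsf{S\lambda\_var}
\qquad
\frac{U \xrightarrow{S\lambda} M' \qquad S \setminus \mathrm{CA}\,M' \xrightarrow{S\lambda} M}{U \cdot S \xrightarrow{S\lambda} \mathrm{AC}\,M}\;\mathsf{S\lambda\_redex}
\]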


The new and improved Sλ translates NIL-redices to coercion redices and puts NIL-reductions and $\beta_{ac}$ in
one-to-one correspondence. As we suggested, this treatment eliminates the mismatch between $\lambda^{\rightarrow\multimap\&\top}$
and $S^{\rightarrow\multimap\&\top}$ that led to many of the complications in Section 4.

Using A^-0&T as an external language is impractical for most applications. Indeed, a more reasonable
approach is to give the user the simpler $\lambda^{\rightarrow\multimap\&\top}$ and have coercions filled in during parsing; this is
essentially what λS did in the previous sections. Coercions need to be inserted at every alternation of
constructors and destructors in a term. Notice that the resulting object does not contain coercion redices
but, similarly to NIL-redices, they may be exposed by the application of β-reductions. Further flexibility
can be achieved by relieving the user from the requirement of writing terms in η-long form only: subterms
can be expanded as soon as their type has been inferred as a result of type checking.


6.2  Relationship  to  Uniform  Provability 

An abstract logic programming language [MNPS91] is a fragment of a logic such that every derivable
sequent has a uniform derivation. An intuitionistic cut-free sequent derivation is uniform if it is constructed
in the following way, from the bottom up: right introduction rules are applied until the formula on the
right-hand side of the sequent (the goal formula) is atomic, then a formula on the left-hand side (the
program) of the sequent is selected (the focus or stoup) and left introduction rules are applied to it until
the same atomic formula is exposed, possibly spawning subgoals that are to have uniform proofs.

The fragment of linear logic obtained by considering the types of $\lambda^{\rightarrow\multimap\&\top}$ and $S^{\rightarrow\multimap\&\top}$ as logic
formulas is known as the language of (propositional) linear hereditary Harrop formulas [HM94, Cer96].
We denoted it $ILL^{\rightarrow\multimap\&\top}$ in Section 2. This formalism is an abstract logic programming language and
a uniform proof system for it, adapted from [Cer96], is reported in Figure 9. The uniform provability
judgment

,;AAd 

is subject to the application of the right introduction rules of a sequent calculus presentation of $ILL^{\rightarrow\multimap\&\top}$.
When an atomic formula a is exposed (rules u_lin and u_int), a program formula A is selected and isolated
in the central part of the immediate entailment judgment

,  ;  A  ^4  A  »  a 


and left introduction rules are applied to it.

Figure 9: Uniform Derivability


There is a striking correspondence between the proof system displayed in Figure 9 and the typing
inference system for $S^{\rightarrow\multimap\&\top}$ given in Figure 1. Indeed, deleting every trace of terms from the typing
rules of our spine calculus yields precisely the above derivability rules for $ILL^{\rightarrow\multimap\&\top}$, except for rules
lS_con and lS_redex that do not have any match. A uniform provability equivalent of rule lS_con can
be obtained by partitioning the left-hand side of a sequent into an intuitionistic program, corresponding
to the concept of signature, and a collection of dynamic assumptions, corresponding to the notion of
context in $S^{\rightarrow\multimap\&\top}$. If we ignore the terms in rule lS_redex, we recognize an analogue of the cut rule.
Clearly, since uniform derivations are cut-free, the system in Figure 9 is not supposed to contain such an
inference figure.

The similarity between the inference rules of uniform provability and the typing rules of $S^{\rightarrow\multimap\&\top}$
indicates that our spine calculus is a natural term assignment system for uniform derivations. This sets
the basis for a form of the Curry-Howard isomorphism [How69] between normal, well-typed $S^{\rightarrow\multimap\&\top}$
terms and valid uniform derivations in $ILL^{\rightarrow\multimap\&\top}$.

6.3  Related  Work 

The uniform derivation system given in Figure 9 is a presentation of the sequent calculus for $ILL^{\rightarrow\multimap\&\top}$
that embeds restrictions on the applicability of inference rules. The strong relationship between
intuitionistic fragments of sequent calculi (not necessarily linear) and term languages akin to our spine calculus has
already been noticed in the literature. A first indirect reference appears in the seminal work of Howard
on the types-as-formulas correspondence [How69], although a formal spine-like calculus is not defined.

In [Her95], Herbelin presents a systematic account of the relationship between the system LJT and
the term language $\bar{\lambda}$, which extends the $\rightarrow$ restriction of our spine calculus with a spine concatenation
operator and explicit substitutions. LJT is a slightly massaged variant of the implicational fragment of
Gentzen's intuitionistic sequent calculus with ideas similar to the uniform provability system from the
previous section: in particular the left-hand side of a sequent contains a stoup and left rules are restricted
to operate only on the formula currently in focus. Since no extensionality requirement is made on $\bar{\lambda}$ terms,
the calculus relies on concatenation to append fragmented spines. The presence of explicit substitutions
provides a direct handling of the two cut-rules of this calculus. $\bar{\lambda}$ is defined for foundational reasons,
as the target λ-calculus of a derivations-as-terms correspondence for LJT. Indeed, its reduction rules
correspond to the steps in a cut-elimination procedure for LJT, so that the strong normalization theorem for
$\bar{\lambda}$ subsumes the cut-elimination property for this logic.

Schwichtenberg [Sch97] adopts a similar approach relative to a richer logic consisting of implication,
conjunction and universal quantification. He starts from a more traditional presentation of the sequent
calculus. In particular the absence of a stoup forces him to consider permutative conversions. The
term calculus he proposes differs from Herbelin's by the absence of explicit concatenation operators and
substitutions. It is therefore more similar to our spine calculus.

Barendregt [Bar80] relies on a term language akin to our spine calculus to study the notion of
normalization in the untyped λ-calculus. Terms in this language are called Böhm trees.


7  Conclusion  and  Future  Work 

In this paper, we have formalized an alternative presentation of the linear λ-calculus $\lambda^{\rightarrow\multimap\&\top}$ which we
believe can be used to improve the efficiency of critical procedures such as unification in the implementation
of languages based on (linear) λ-calculi. The resulting language, the spine calculus $S^{\rightarrow\multimap\&\top}$, strengthens
the natural adaptation of the notion of abstract Böhm tree [Bar80, Her95] to encompass extensional
products (&), a unit type (⊤) and linearity (⊸), with the further requirement that well-typed terms be
in η-long form. $S^{\rightarrow\multimap\&\top}$ terms of base type are structured similarly to the objects found in first-order
term languages. In particular, their head is immediately available, an important benefit for procedures
such as unification that base a number of choices on the nature of the heads of the terms they operate
upon. Having extensionality built-in permits avoiding the overhead, both in terms of bookkeeping and
execution time, of performing η-conversions at run time.

The intended applications of this work lie in proof search, logic programming, and the implementation
of logical frameworks based on linear type theories. In particular, the spine calculus $S^{\rightarrow\multimap\&\top}$ has been
designed as a first approximation of an internal representation for the type theory $\lambda^{\Pi\multimap\&\top}$ underlying the
linear logical framework LLF [Cer96, CP96]. An extension to the full language, which includes dependent
types, does not appear to be problematic. The adoption of a spine calculus as an internal representation
device appears to integrate well with the simultaneous use of explicit substitutions [ACCL91]. However,
the details of the amalgamation of these two techniques in the presence of linearity still need to be worked
out.

A variant of the spine calculus deprived of linear constructs, but featuring dependent types and
explicit substitutions, is currently being tested in a new implementation of the linear framework LF [HHP93] as
a higher-order constraint logic programming language. This system, called Twelf, is expected to supersede
the Elf implementation of LF currently in use [Pfe91, Pfe94]. It will be available later this year.